CVE-2022-46363: 
Java vulnerability analysis and mitigation

A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified under CWE-20 (Improper Input Validation) according to the Apache Software Foundation (NVD).

When successfully exploited, this vulnerability allows attackers to perform remote directory listing or code exfiltration, potentially exposing sensitive information from the affected systems (NVD).

The vulnerability has been fixed in Apache CXF versions 3.5.5 and 3.4.10. Users should upgrade to these or later versions to address the security issue. Additionally, ensuring that the CXFServlet is not configured with both static-resources-list and redirect-query-check attributes simultaneously can prevent the vulnerability (NVD).