CVE-2020-13954

🗓️ 12 Nov 2020 12:45:14Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 159 Views

Apache CXF /services page XSS vulnerabilit

Reporter	Title	Published	Views	Family All 35
IBM Security Bulletins	Security Bulletin: A vulnerability in Apache CXF affects IBM Tivoli Business Service Manager (CVE-2020-13954)	6 Oct 202204:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities	29 Apr 202502:26	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache CXF library shipped with IBM Global Mailbox (CVE-2020-13954)	25 Jan 202109:45	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerability in Apache CXF affects IBM InfoSphere Master Data Management	11 Jan 202318:26	–	ibm
IBM Security Bulletins	Security Bulletin: Apache CXF vulnerability identified in IBM Tivoli Application Dependency Discovery Manager (CVE-2020-13954)	1 Oct 202118:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	3 Dec 202118:47	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities	23 Jul 202113:09	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in Apache CXF, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2020-13954)	24 Mar 202107:44	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including a remote code execution in Spring Framework (CVE-2022-22965)	11 Apr 202215:17	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Java and Node.js packages affect IBM Voice Gateway	11 Jan 202318:41	–	ibm

NVD

Vulners

Node

apache cxfRange<3.3.8

apache cxfRange3.4.0–3.4.1

Node

netapp snap_creator_frameworkMatch-

netapp vasa_provider_for_clustered_data_ontapRange9.6≥

Node

oracle business_intelligenceMatch5.5.0.0.0enterprise

oracle business_intelligenceMatch5.9.0.0.0enterprise

oracle business_intelligenceMatch12.2.1.3.0enterprise

oracle business_intelligenceMatch12.2.1.4.0enterprise

oracle retail_order_broker_cloud_serviceMatch15.0

oracle communications_messaging_serverMatch8.0.2

oracle communications_messaging_serverMatch8.1

[
  {
    "product": "Apache CXF",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "3.4.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "3.3.8",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
oracle	www.oracle.com/security-alerts/cpujan2021.html
lists	www.lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
lists	www.lists.apache.org/thread.html/r81a41a2915985d49bc3ea57dde2018b03584a863878a8532a89f993f%40%3Cusers.cxf.apache.org%3E
cxf	www.cxf.apache.org/security-advisories.data/CVE-2020-13954.txt.asc
lists	www.lists.apache.org/thread.html/r640719c9ce5671f239a6f002c20e14062effe4b318a580b6746aa5ef%40%3Cdev.syncope.apache.org%3E
lists	www.lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
lists	www.lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd100364cd8a15f0b3ec%40%3Cusers.cxf.apache.org%3E
oracle	www.oracle.com/security-alerts/cpuapr2022.html
lists	www.lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
oracle	www.oracle.com/security-alerts/cpuApr2021.html

21 Nov 2024 05:02Current

6.4Medium risk

Vulners AI Score6.4

CVSS 24.3

CVSS 3.16.1

EPSS0.14577

CWE-79