Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMB3F6F1A1DB51F9E66309243A80EF24470016A05AD7101A44A6DA3117E2A18970
HistoryOct 06, 2022 - 4:42 a.m.

Security Bulletin: A vulnerability in Apache WSS4J affects IBM Tivoli Business Service Manager (CVE-2014-3623)

2022-10-0604:42:38
www.ibm.com
4

0.004 Low

EPSS

Percentile

73.3%

JSON

Summary

Apache WSS4J is shipped with IBM Tivoli Business Manager 6.2.0 as part of its web services infrastructure. Information about security vulnerabilities affecting Apache WSS4J has been published in a security bulletin.

Vulnerability Details

CVEID:CVE-2014-3623
**DESCRIPTION:**Apache CXF could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce the security semantics of SAML SubjectConfirmation methods when used with the TransportBinding. An attacker could exploit this vulnerability to possibly conduct spoofing attacks.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/97754 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Tivoli Business Service Manager 6.2.0

Remediation/Fixes

Product VRMF APAR Remediation
IBM Tivoli Business Service Manager 6.2.0 6.2.0.4 IJ32982 Upgrade to IBM Tivoli Business Service Manager 6.2.0.4

Workarounds and Mitigations

None

CPENameOperatorVersion
tivoli business service managereq6.2.0

Related

nessus 3
fedora 2
github 1
mageia 1
cve 1
osv 1
openvas 2
prion 1
redhat 5
nessus
nessus
Fedora 21 : wss4j-1.6.17-1.fc21 (2014-13831)
2014-11-03 00:00:00
Fedora 20 : wss4j-1.6.17-1.fc20 (2014-13720)
2014-11-07 00:00:00
RHEL 5 / 6 / 7 : JBoss EAP (RHSA-2014:2019)
2014-12-22 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: wss4j-1.6.17-1.fc21
2014-11-01 17:15:43
[SECURITY] Fedora 20 Update: wss4j-1.6.17-1.fc20
2014-11-07 02:33:29
github
github
Improper Authentication in Apache WSS4J
2022-05-13 01:09:20
mageia
mageia
Updated wss4j packages fix CVE-2014-3623
2014-12-26 20:04:58
cve
cve
CVE-2014-3623
2014-10-30 14:55:00
osv
osv
Improper Authentication in Apache WSS4J
2022-05-13 01:09:20
openvas
openvas
Fedora Update for wss4j FEDORA-2014-13720
2014-11-07 00:00:00
Mageia: Security Advisory (MGASA-2014-0552)
2022-01-28 00:00:00
prion
prion
Design/Logic Flaw
2014-10-30 14:55:00
redhat
redhat
(RHSA-2015:0236) Moderate: Red Hat JBoss Fuse/A-MQ 6.1.0 security and bug fix update
2015-02-18 21:24:02
(RHSA-2014:2019) Important: Red Hat JBoss Enterprise Application Platform 6.3.2 security update
2014-12-18 00:00:00
(RHSA-2015:0851) Important: Red Hat JBoss BPM Suite 6.1.0 update
2015-04-16 16:01:23

0.004 Low

EPSS

Percentile

73.3%

JSON
Related for B3F6F1A1DB51F9E66309243A80EF24470016A05AD7101A44A6DA3117E2A18970
nessus3fedora2github1mageia1cve1osv1openvas2prion1redhat5