8 matches found
Security Bulletin: IBM Sterling B2B Integrator B2B API vulnerable to multiple issues due to Apache CXF
Summary IBM Sterling B2B Integrator uses Apache CXF. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2022-46363 DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by a flaw when the CXFServlet is...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.0 release and security update
Red Hat JBoss Web Server 5.7.0 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which give...
Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-2021-22696
Summary IBM TRIRIGA Application Platform discloses CVE-2021-22696 Vulnerability Details CVEID:CVE-2021-22696 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by improper validation of requesturi parameter by the OAuth 2 authorization service. By sending a specially-crafted...
Security Bulletin: Apache CXF vulnerability identified in IBM Tivoli Application Dependency Discovery Manager (CVE-2021-22696)
Summary This security bulletin addresses the vulnerability in Open Source Apache CXF that affect IBM Tivoli Application Dependency Discovery Manager. Vulnerability Details CVEID: CVE-2021-22696 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by improper validation of requestu...
Security Bulletin: Apache CXF Vulnerability Affects IBM Global Mailbox (CVE-2021-22696)
Summary Security vulnerability have been Identified In Apache CXF library shipped with IBM Global Mailbox. Vulnerability Details CVEID: CVE-2021-22696 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by improper validation of requesturi parameter by the OAuth 2 authorization...
com.treelogic-swe:aws-mock (=1.0), com.treelogic-swe:cxf-stub (=ec2-2013-02-01) potentially affected by CVE-2021-22696 via org.apache.cxf:apache-cxf (=2.7.5)
org.apache.cxf:apache-cxf MAVEN version =2.7.5 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf:apache-cxf and may be impacted: - com.treelogic-swe:aws-mock =1.0 - com.treelogic-swe:cxf-stub =ec2-2013-02-01 Source cves: CVE-2021-22696...
com.kumuluz.ee:kumuluzee-jax-ws-cxf (>=2.6.0 <=3.12.2), net.kieker-monitoring:analysis (>=2.0.0 <=2.0.3) +1 more potentially affected by CVE-2021-22696 via org.apache.cxf:cxf (>=2.7.18 <=3.2.6)
org.apache.cxf:cxf MAVEN version =2.7.18, =2.6.0, =2.0.0, =2.0.3 - org.apache.nutch:nutch =1.10 Source cves: CVE-2021-22696 Source advisory: OSV:GHSA-7Q4H-PJ78-J7VG...
CVE-2021-22696
CVE-2021-22696 affects Apache CXF where improper validation of the request_uri parameter in OAuth 2 flows allows a remote attacker to cause a denial of service on the authorization server. The issue occurs when a JWT-based request uses a request_uri to fetch the token, with insufficient validatio...