10 matches found

vulnersOsv
added 2022/05/13 1:9 a.m. | 1 view

org.apache.cxf.fediz:apache-fediz (=1.3.1) potentially affected by CVE-2017-7662 via org.apache.cxf.fediz:fediz-oidc (=1.3.1)

org.apache.cxf.fediz:fediz-oidc MAVEN version =1.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf.fediz:fediz-oidc and may be impacted: - org.apache.cxf.fediz:apache-fediz =1.3.1 Source cves: CVE-2017-7662 Source advisory:...

8.8 CVSS | 7.2 AI score | 0.00987 EPSS
Exploits: 0

vulnersOsv
added 2018/10/18 4:57 p.m. | 1 view

org.apache.cxf.fediz.systests.webapps:fediz-systests-webapps-spring3 (>=1.4.0 <=1.4.2), org.apache.cxf.fediz:apache-fediz (>=1.4.1 <=1.4.2) potentially affected by CVE-2017-12631 via org.apache.cxf.fediz:fediz-spring3 (>=1.4.0 <=1.4.2)

org.apache.cxf.fediz:fediz-spring3 MAVEN version =1.4.0, =1.4.0, =1.4.1, =1.4.2 Source cves: CVE-2017-12631 Source advisory: OSV:GHSA-FV7X-4HPC-HF9F...

8.8 CVSS | 7.2 AI score | 0.01374 EPSS
Exploits: 3

vulnersOsv
added 2018/10/18 4:57 p.m. | 1 view

org.apache.cxf.fediz.examples:jaxrsSpringSecurityWebapp (=1.3.0), org.apache.cxf.fediz.examples:springPreauthWebapp (=1.3.0) +4 more potentially affected by CVE-2016-4464 via org.apache.cxf.fediz:fediz-spring (=1.3.0)

org.apache.cxf.fediz:fediz-spring MAVEN version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf.fediz:fediz-spring and may be impacted: - org.apache.cxf.fediz.examples:jaxrsSpringSecurityWebapp =1.3.0 -...

9.8 CVSS | 7.2 AI score | 0.02058 EPSS
Exploits: 0

vulnersOsv
added 2018/10/18 4:57 p.m. | 0 views

org.apache.cxf.fediz:apache-fediz (=1.2.0) potentially affected by CVE-2015-5175 via org.apache.cxf.fediz:fediz-idp (=1.2.0)

org.apache.cxf.fediz:fediz-idp MAVEN version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf.fediz:fediz-idp and may be impacted: - org.apache.cxf.fediz:apache-fediz =1.2.0 Source cves: CVE-2015-5175 Source advisory:...

7.5 CVSS | 7.1 AI score | 0.13564 EPSS
Exploits: 0

vulnersOsv
added 2018/10/18 4:56 p.m. | 0 views

org.apache.cxf.fediz:apache-fediz (>=1.3.0 <=1.4.3) potentially affected by CVE-2018-8038 via org.apache.cxf.fediz:fediz-jetty8 (>=1.3.0 <=1.4.3)

org.apache.cxf.fediz:fediz-jetty8 MAVEN version =1.3.0, =1.3.0, =1.4.3 Source cves: CVE-2018-8038 Source advisory: OSV:GHSA-W3GH-G32M-CVHR...

7.5 CVSS | 7 AI score | 0.50435 EPSS
Exploits: 0

vulnersOsv
added 2018/10/18 4:56 p.m. | 0 views

org.apache.cxf.fediz:apache-fediz (>=1.3.0 <=1.4.3) potentially affected by CVE-2018-8038 via org.apache.cxf.fediz:fediz-jetty9 (>=1.3.0 <=1.4.3)

org.apache.cxf.fediz:fediz-jetty9 MAVEN version =1.3.0, =1.3.0, =1.4.3 Source cves: CVE-2018-8038 Source advisory: OSV:GHSA-W3GH-G32M-CVHR...

7.5 CVSS | 7 AI score | 0.50435 EPSS
Exploits: 0

vulnersOsv
added 2018/10/18 4:56 p.m. | 0 views

org.apache.cxf.fediz:apache-fediz (>=1.3.0 <=1.3.1) potentially affected by CVE-2017-7661 via org.apache.cxf.fediz:fediz-jetty8 (>=1.3.0 <=1.3.1)

org.apache.cxf.fediz:fediz-jetty8 MAVEN version =1.3.0, =1.3.0, =1.3.1 Source cves: CVE-2017-7661 Source advisory: OSV:GHSA-WHW7-H25V-9QVX...

8.8 CVSS | 7.2 AI score | 0.00925 EPSS
Exploits: 0

vulnersOsv
added 2018/10/18 4:56 p.m. | 1 view

org.apache.cxf.fediz:apache-fediz (>=1.3.0 <=1.3.1) potentially affected by CVE-2017-7661 via org.apache.cxf.fediz:fediz-jetty9 (>=1.3.0 <=1.3.1)

org.apache.cxf.fediz:fediz-jetty9 MAVEN version =1.3.0, =1.3.0, =1.3.1 Source cves: CVE-2017-7661 Source advisory: OSV:GHSA-WHW7-H25V-9QVX...

8.8 CVSS | 7.2 AI score | 0.00925 EPSS
Exploits: 0

Veracode
added 2017/12/01 6:49 a.m. | 5 views

Cross-Site Request Forgery (CSRF)

Apache Fediz Spring Plugin is vulnerable to cross-site request forgery (CSRF) attacks. The attacks are possible because the application does not properly check the session state of an HTTP request, allowing a malicious user to take the roles of other end users...

8.8 CVSS | 7.1 AI score | 0.01374 EPSS
Exploits: 3 | References: 17 | Affected Software: 3

Veracode
added 2017/05/17 2:11 a.m. | 16 views

Cross-site Request Forgery (CSRF)

Apache Fediz is vulnerable to cross-site request forgery (CSRF) attacks. The attack happens when a client starts the authentication process and does not complete it, for example when the IdP is unavailable, leading to a security context set up using a malicious client's roles for the given end user...

8.8 CVSS | 6.8 AI score | 0.00925 EPSS
Exploits: 0 | References: 13 | Affected Software: 4