Lucene search
K

8 matches found

NVD
NVD
added 2026/06/11 7:16 a.m.15 views

CVE-2026-40994

Wss4jSecurityInterceptor initialized its BSP WS-I Basic Security Profile compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level...

8.2CVSS0.00229EPSS
Exploits0References1
OSV
OSV
added 2026/06/11 7:16 a.m.5 views

UBUNTU-CVE-2026-40994

Wss4jSecurityInterceptor initialized its BSP WS-I Basic Security Profile compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level...

8.2CVSS5.2AI score0.00229EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/11 5:3 a.m.28 views

CVE-2026-40994 Wss4jSecurityInterceptor disables WS-I BSP validation by default

Wss4jSecurityInterceptor initialized its BSP WS-I Basic Security Profile compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level...

8.2CVSS0.00229EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 5:3 a.m.9 views

CVE-2026-40994 Wss4jSecurityInterceptor disables WS-I BSP validation by default

Wss4jSecurityInterceptor initialized its BSP WS-I Basic Security Profile compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level...

8.2CVSS5.3AI score0.00229EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 5:3 a.m.8 views

EUVD-2026-36204

Wss4jSecurityInterceptor initialized its BSP WS-I Basic Security Profile compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level...

8.2CVSS5.5AI score0.00229EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 5:3 a.m.50 views

CVE-2026-40994

Summary: CVE-2026-40994 affects Spring Web Services where Wss4jSecurityInterceptor initializes its BSP flag to disable BSP enforcement on inbound data, weakening protocol-level WS-Security checks. Affected versions: Spring Web Services 5.0.0–5.0.1; 4.1.0–4.1.3; 4.0.0–4.0.18; 3.1.0–3.1.8. Impact (...

8.2CVSS5.5AI score0.00229EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.20 views

PT-2026-48617

Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description The Wss4jSecurityInterceptor...

8.2CVSS5.8AI score0.00229EPSS
Exploits0References7
Spring Security Advisories
Spring Security Advisories
added 2026/06/10 12:0 a.m.7 views

CVE-2026-40994: Wss4jSecurityInterceptor disables WS-I BSP validation by default

Wss4jSecurityInterceptor initialized its BSP WS-I Basic Security Profile compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData , contradicting the intended secure default and published setter contract. Services that validate WS-Security on the network could...

8.2CVSS5.9AI score0.00229EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder