Lucene search
K

11 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/10/06 4:42 a.m.29 views

Security Bulletin: A vulnerability in Apache WSS4J affects IBM Tivoli Business Service Manager (CVE-2014-3623)

Summary Apache WSS4J is shipped with IBM Tivoli Business Manager 6.2.0 as part of its web services infrastructure. Information about security vulnerabilities affecting Apache WSS4J has been published in a security bulletin. Vulnerability Details CVEID:CVE-2014-3623 DESCRIPTION: Apache CXF could...

5CVSS6AI score0.09224EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/13 1:9 a.m.7 views

br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2), com.cybersource:cybersource-sdk-java (>=6.0.1 <=6.1.0) +333 more potentially affected by CVE-2014-3623 via org.apache.ws.security:wss4j (>=1.5.2 <=1.6.16)

org.apache.ws.security:wss4j MAVEN version =1.5.2, =1.2.1, =6.0.1, =1.0, =1.0.1, =1.1.0.Beta5, =1.1.0.Beta5, =1.1.0.Beta5, =1.1.0.Beta1, =1.0.0, =1.2.0 and more Source cves: CVE-2014-3623 Source advisory: OSV:GHSA-99V3-9X35-C5VF...

5CVSS5.9AI score0.09224EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.21 views

Mageia: Security Advisory (MGASA-2014-0552)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.7AI score0.09224EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/03/11 4:51 p.m.45 views

Important: Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.1.0 update

Red Hat JBoss Data Virtualization 6.1.0, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...

7.5CVSS6.6AI score0.24738EPSS
Exploits2References20
OSV
OSV
added 2014/12/26 5:4 p.m.7 views

MGASA-2014-0552 Updated wss4j packages fix CVE-2014-3623

Updated wss4j packages fixes security vulnerability: Apache WSS4J before 1.6.17, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors CVE-2014-3623...

5CVSS6.4AI score0.09224EPSS
Exploits0References3
Mageia
Mageia
added 2014/12/26 5:4 p.m.42 views

Updated wss4j packages fix CVE-2014-3623

Updated wss4j packages fixes security vulnerability: Apache WSS4J before 1.6.17, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors CVE-2014-3623...

5CVSS6.5AI score0.09224EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/12/22 12:0 a.m.55 views

RHEL 5 / 6 / 7 : Red Hat JBoss Enterprise Application Platform 6.3.2 (RHSA-2014:2019)

The remote Redhat Enterprise Linux 5 / 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:2019 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was...

5.8CVSS6.2AI score0.09224EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2014/12/18 5:58 p.m.60 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.3.2 security update

Updated Red Hat JBoss Enterprise Application Platform 6.3.2 packages that fix three security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores,...

5.8CVSS6.4AI score0.09224EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2014/11/07 12:0 a.m.27 views

Fedora Update for wss4j FEDORA-2014-13720

Check the version of wss4j SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868458";...

5CVSS6.4AI score0.09224EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/11/07 12:0 a.m.25 views

Fedora 20 : wss4j-1.6.17-1.fc20 (2014-13720)

Security fix for CVE-2014-3623 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

5CVSS5.2AI score0.09224EPSS
Exploits0References3
CVE
CVE
added 2014/10/30 2:0 p.m.95 views

CVE-2014-3623

CVE-2014-3623 affects Apache WSS4J (used in Apache CXF) where, when configured with TransportBinding, it fails to properly enforce SAML SubjectConfirmation security semantics, enabling possible remote spoofing of web service endpoints. Affected versions: WSS4J before 1.6.17 and 2.x before 2.0.2 (...

5CVSS6.5AI score0.09224EPSS
Exploits0References15Affected Software1
Rows per page
Query Builder