
3 matches found

IBM Security Bulletins
added 2023/03/13 4:26 p.m., 36 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable to security bypass due to Apache Santuario XML Security for Java (CVE-2021-40690, CVE-2014-8152)

Summary: IBM Sterling B2B Integrator has addressed the security vulnerabilities in Apache Santuario XML Security. Vulnerability Details: CVEID: CVE-2021-40690 DESCRIPTION: Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the improper passi...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.10448
Exploits: 0 | Affected Software: 1

vulnersOsv
added 2022/05/13 1:5 a.m., 6 views

com.coveo:saml-client (>=3.0.0 <=4.0.3), com.cybersource:cybersource-sdk-java (>=6.0.1 <=6.1.0) +203 more potentially affected by CVE-2014-8152 via org.apache.santuario:xmlsec (>=2.0.0 <=2.0.2)

org.apache.santuario:xmlsec MAVEN version =2.0.0, =3.0.0, =6.0.1, =0.0.1, =4.0.1 - com.googlecode.xades4j:xades4j =1.3.2 - com.helger:ph-ebinterface =3.1.0 and more Source cves: CVE-2014-8152 Source advisory: OSV:GHSA-W7CQ-J9P9-HM3M...

CVSS: 5 | AI score: 5.8 | EPSS: 0.05639
Exploits: 0

CVE
added 2015/01/21 6:0 p.m., 79 views

CVE-2014-8152

CVE-2014-8152 affects Apache Santuario XML Security for Java 2.0.x prior to 2.0.3. The vulnerability arises from improper handling in the streaming XML Signature verification, allowing a remote attacker to bypass the streaming XML signature protection mechanism and potentially modify a crafted XM...

CVSS: 5 | AI score: 6.7 | EPSS: 0.05639
Exploits: 0 | References: 7 | Affected Software: 1