Lucene search
K

8 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/10/21 2:45 p.m.19 views

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to server-side request forgery due to Apache CXF

Summary This security bulletin addresses the vulnerabilitiy in Open Source Apache CXF that affect IBM Tivoli Application Dependency Discovery Manager CVE-2024-32007, CVE-2024-29736. IBM Tivoli Application Dependency Discovery Manager is using Apache CXF for its SOAP API and REST API implementatio...

9.1CVSS6.8AI score0.01269EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2024/09/19 4:46 p.m.39 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 3.20.7 for Spring Boot security update.

Red Hat build of Apache Camel 3.20.7 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

9.1CVSS6.7AI score0.02716EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/07/26 12:0 a.m.48 views

Apache CXF < 3.5.9, 3.6.x < 3.6.4, 4.0.x < 4.0.5 Multiple Vulnerabilities

The version of Apache CXF installed on the remote Windows host is affected by multiple vulnerabilities: - A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only...

9.1CVSS7AI score0.01269EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2024/07/19 9:32 a.m.8 views

io.quarkiverse.cxf:quarkus-cxf-integration-test-ws-trust (>=2.0.0 <=3.13.0), io.quarkiverse.cxf:quarkus-cxf-services-sts (>=2.0.0 <=3.13.0) +23 more potentially affected by CVE-2024-32007 via org.apache.cxf:cxf-rt-rs-security-jose (>=4.0.0 <=4.0.4)

org.apache.cxf:cxf-rt-rs-security-jose MAVEN version =4.0.0, =2.0.0, =2.0.0, =2.0.0, =4.0.0, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.11 and more Source cves: CVE-2024-32007 Source a...

7.5CVSS6.8AI score0.01269EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/07/19 9:32 a.m.4 views

com.amazon.opendistroforelasticsearch:opendistro_security (>=1.4.0.0 <=1.13.1.0), com.amazon.opendistroforelasticsearch:opendistro_security_advanced_modules (>=0.7.0.1 <=1.3.0.0) +215 more potentially affected by CVE-2024-32007 via org.apache.cxf:cxf-rt-rs-security-jose (>=3.0.2 <=3.5.8)

org.apache.cxf:cxf-rt-rs-security-jose MAVEN version =3.0.2, =1.4.0.0, =0.7.0.1, =6.0-21.0, =6.0.1-31.3, =4.2.0.1, =1.7.2.230613, =1.7.2.230622, =7.2.0, =6.3.0, =1.2.0, =1.2.0, =1.0.0, =1.0.0, =2.16.01 and more Source cves: CVE-2024-32007 Source advisory: OSV:GHSA-6PFF-FMH2-4MMF...

7.5CVSS6.6AI score0.01269EPSS
Exploits0
NVD
NVD
added 2024/07/19 9:15 a.m.24 views

CVE-2024-32007

An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token...

7.5CVSS0.01269EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/07/19 8:50 a.m.28 views

CVE-2024-32007 Apache CXF Denial of Service vulnerability in JOSE

An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token...

7.5AI score0.01269EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/19 8:50 a.m.36 views

CVE-2024-32007 Apache CXF Denial of Service vulnerability in JOSE

An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token...

0.01269EPSS
Exploits0References1
Rows per page
Query Builder