
6 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-3343

Malicious code in bioql PyPI...

5 CVSS | 6.3 AI score | 0.09224 EPSS
Exploits: 0 | References: 29

IBM Security Bulletins
added 2022/10/06 4:42 a.m. | 29 views

Security Bulletin: A vulnerability in Apache WSS4J affects IBM Tivoli Business Service Manager (CVE-2014-3623)

Summary: Apache WSS4J is shipped with IBM Tivoli Business Manager 6.2.0 as part of its web services infrastructure. Information about security vulnerabilities affecting Apache WSS4J has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2014-3623 DESCRIPTION: Apache CXF could...

5 CVSS | 6 AI score | 0.09224 EPSS
Exploits: 0 | Affected Software: 1

Github Security Blog
added 2022/05/13 1:9 a.m. | 25 views

Improper Authentication in Apache WSS4J

Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecifi...

5 CVSS | 6.3 AI score | 0.09224 EPSS
Exploits: 0 | References: 15 | Affected Software: 2

OSV
added 2022/05/13 1:9 a.m. | 0 views

GHSA-99V3-9X35-C5VF Improper Authentication in Apache WSS4J

Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecifi...

5 CVSS | 5.9 AI score | 0.09224 EPSS
Exploits: 0 | References: 14

RedHat Linux
added 2015/04/16 4:2 p.m. | 0 views

CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods

It was found that Apache WSS4J Web Services Security for Java, as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of...

5 CVSS | 5.8 AI score | 0.09224 EPSS
Exploits: 0 | References: 4

NVD
added 2014/10/30 2:55 p.m. | 12 views

CVE-2014-3623

Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecifi...

5 CVSS | 6.5 AI score | 0.09224 EPSS
Exploits: 0 | References: 15