76 matches found

Atlassian
added 2022/10/19 10:2 a.m., 149 views

Vulnerable version of xmlsec used - CVE-2021-40690 in atlassian-authentication-plugin

Recently we have identified that on top of the libraries mentioned in JRASERVER-73580, there was another library, atlassian-authentication-plugin, that has a transitive dependency of xmlsec that could be related to the vulnerability described in...

CVSS 7.5, AI score 2.5, EPSS 0.10448
Exploits: 0

vulnersOsv
added 2022/05/14 12:2 a.m., 3 views

com.fluxcorp.plugins:webservice-trigger (=1.0.4), com.googlecode.xades4j:xades4j (=1.3.1) +206 more potentially affected by CVE-2013-5823 via org.apache.santuario:xmlsec (>=1.5.1 <=1.5.2)

org.apache.santuario:xmlsec MAVEN version =1.5.1, =1.6.0-p41, =1.0.0, =0.16, =0.16, =2.8.6, =2.10.0, =1.0.1, =1.0.1, =1.0.1, =1.0.2 - org.apache.cxf.fediz.examples:simpleWebapp =1.0.0 and more Source cves: CVE-2013-5823 Source advisory: OSV:GHSA-8GWC-X7MG-7P7P...

CVSS 5, AI score 6.8, EPSS 0.04732
Exploits: 0

vulnersOsv
added 2022/05/13 1:5 a.m., 3 views

br.com.esec.icpm:certillion-client-library (>=1.1.7 <=1.2.0), br.com.esec.icpm:certillion-client-library-resteasy-plugin (>=1.1.9 <=1.1.10) +294 more potentially affected by CVE-2013-2172 via org.apache.santuario:xmlsec (>=1.5.1 <=1.5.4)

org.apache.santuario:xmlsec MAVEN version =1.5.1, =1.1.7, =1.1.9, =1.2.5, =1.2.6 - com.fluxcorp.plugins:webservice-trigger =1.0.4 - com.googlecode.xades4j:xades4j =1.3.1 - com.sitewhere:sitewhere-core =0.9.7 - com.sitewhere:sitewhere-gnuhealth =0.9.7 - com.sitewhere:sitewhere-hbase =0.9.7 -...

CVSS 4.3, AI score 7.1, EPSS 0.0593
Exploits: 1

vulnersOsv
added 2022/05/13 1:5 a.m., 2 views

br.net.woodstock.rockframework:rockframework-core (=1.2.4), br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=3.0.1) +462 more potentially affected by CVE-2013-2172 via org.apache.santuario:xmlsec (>=1.4.2 <=1.4.6)

org.apache.santuario:xmlsec MAVEN version =1.4.2, =1.2.1, =0.1.14, =12.1.0, =12.1.1, =12.1.2, =12.1.0, =12.1.4, =1.0.83-RC1, =1.0.88-RC1, =1.0.83-RC1, =1.0.83-RC1, =1.0.83-RC1, =1.0.112-RELEASE - com.ahome-it:ahome-tooling-server-vaadin-core =1.0.112-RELEASE and more Source cves: CVE-2013-2172...

CVSS 4.3, AI score 7.1, EPSS 0.0593
Exploits: 1

vulnersOsv
added 2022/05/13 1:5 a.m., 3 views

br.com.esec.icpm:certillion-client-library (>=1.1.7 <=1.2.0), br.com.esec.icpm:certillion-client-library-resteasy-plugin (>=1.1.9 <=1.1.10) +701 more potentially affected by CVE-2013-4517 via org.apache.santuario:xmlsec (>=1.4.2 <=1.5.5)

org.apache.santuario:xmlsec MAVEN version =1.4.2, =1.1.7, =1.1.9, =1.2.5, =1.2.1, =0.1.14, =12.1.0, =12.1.1, =12.1.2, =12.1.0, =12.1.4, =1.0.83-RC1, =1.0.88-RC1, =1.0.83-RC1, =1.0.112-RELEASE and more Source cves: CVE-2013-4517 Source advisory: OSV:GHSA-4P4W-6H54-G885...

CVSS 4.3, AI score 7.1, EPSS 0.08863
Exploits: 0

vulnersOsv
added 2022/05/13 1:5 a.m., 3 views

com.coveo:saml-client (>=3.0.0 <=4.0.3), com.cybersource:cybersource-sdk-java (>=6.0.1 <=6.1.0) +203 more potentially affected by CVE-2014-8152 via org.apache.santuario:xmlsec (>=2.0.0 <=2.0.2)

org.apache.santuario:xmlsec MAVEN version =2.0.0, =3.0.0, =6.0.1, =0.0.1, =4.0.1 - com.googlecode.xades4j:xades4j =1.3.2 - com.helger:ph-ebinterface =3.1.0 and more Source cves: CVE-2014-8152 Source advisory: OSV:GHSA-W7CQ-J9P9-HM3M...

CVSS 5, AI score 5.8, EPSS 0.05639
Exploits: 0

Atlassian
added 2022/03/15 7:56 p.m., 196 views

Vulnerable version of xmlsec used - CVE-2021-40690

Affected versions of Atlassian Jira Server and Data Center used versions of xmlsec that were vulnerable to CVE-2021-40690. Affected versions: version 8.22.2 Workaround: version 8.22.2 LTS versions 8.13 and versions up to 8.20.14 should also apply this workaround. This is permanently fixed in...

CVSS 7.5, AI score 1.7, EPSS 0.10448
Exploits: 0

RedHat Linux
added 2022/02/09 4:18 p.m., 45 views

Moderate: Red Hat Security Advisory: Red Hat Integration - Service Registry release and security update [2.0.3.GA]

An update to the images for Red Hat Integration Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact o...

CVSS 7.5, AI score 6.7, EPSS 0.10448
Exploits: 0, References: 3

RedHat Linux
added 2022/01/18 2:52 p.m., 213 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.1 for OpenShift image security and enhancement update

A new image is available for Red Hat Single Sign-On 7.5.1, running on OpenShift Container Platform 3.10 and 3.11, and 4.9. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...

CVSS 8.8, AI score 6.7, EPSS 0.10448
Exploits: 0, References: 5

vulnersOsv
added 2021/09/20 11:18 p.m., 1 views

ai.wavemaker.runtime:wavemaker-app-runtime-core (>=1.0.0-20260516144515 <=1.0.0.ee-20260516142404), br.com.esec.icpm:certillion-client-library (>=1.1.7 <=1.2.0) +1742 more potentially affected by CVE-2021-40690 via org.apache.santuario:xmlsec (>=1.4.2 <=2.1.6)

org.apache.santuario:xmlsec MAVEN version =1.4.2, =1.0.0-20260516144515, =1.1.7, =1.1.9, =1.2.5, =1.2.1, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0, =0.1.14, =12.1.0, =16.0.4 and more Source cves: CVE-2021-40690 Source advisory: OSV:GHSA-J8WC-GXX9-82HX https://vuln...

CVSS 7.5, AI score 6.6, EPSS 0.10448
Exploits: 0

vulnersOsv
added 2021/09/20 11:18 p.m., 4 views

au.gov.nehta:clinical-document-packaging-library (=1.2.5), au.gov.nehta:common-library (>=1.1.1 <=1.2.1) +554 more potentially affected by CVE-2021-40690 via org.apache.santuario:xmlsec (>=2.2.0 <=2.2.2)

org.apache.santuario:xmlsec MAVEN version =2.2.0, =1.1.1, =1.6.1, =1.3.5, =1.1.0, =2021.8.0, =4.20.0, =5.6.2 - cn.lindianyu:ldy-component =1.0.1 and more Source cves: CVE-2021-40690 Source advisory: OSV:GHSA-J8WC-GXX9-82HX...

CVSS 7.5, AI score 6.7, EPSS 0.10448
Exploits: 0

RedHat Linux
added 2020/03/23 8:13 p.m., 74 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.3.7 security update

A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 9.8, AI score 6.8, EPSS 0.28839
Exploits: 4, References: 14

Tenable Nessus
added 2020/03/16 12:0 a.m., 56 views

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.2.7 on RHEL 6 (RHSA-2020:0804)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0804 advisory. This release of Red Hat JBoss Enterprise Application Platform 7.2.7 serves as a replacement for Red Hat JBoss Enterprise Application Platfor...

CVSS 9.1, AI score 6.8, EPSS 0.28839
Exploits: 4, References: 38

Tenable Nessus
added 2020/03/16 12:0 a.m., 62 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.2.7 on RHEL 7 (RHSA-2020:0805)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0805 advisory. This release of Red Hat JBoss Enterprise Application Platform 7.2.7 serves as a replacement for Red Hat JBoss Enterprise Application Platfor...

CVSS 9.1, AI score 6.9, EPSS 0.28839
Exploits: 4, References: 38

RedHat Linux
added 2020/03/12 5:7 p.m., 69 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.7 on RHEL 7 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

CVSS 9.1, AI score 6.8, EPSS 0.28839
Exploits: 4, References: 29

RedHat Linux
added 2020/03/12 5:5 p.m., 69 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.7 on RHEL 6 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

CVSS 9.1, AI score 6.8, EPSS 0.28839
Exploits: 4, References: 29

RedHat Linux
added 2020/03/12 5:0 p.m., 91 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.7 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 9.1, AI score 6.8, EPSS 0.28839
Exploits: 4, References: 29

vulnersOsv
added 2019/08/27 5:41 p.m., 1 views

cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE), cloud.altemista.fwk.soap:cloud-altemistafwk-core-soap-wss (>=3.0.0.RELEASE <=3.1.0.RELEASE) +505 more potentially affected by CVE-2019-12400 via org.apache.santuario:xmlsec (>=2.0.3 <=2.1.3)

org.apache.santuario:xmlsec MAVEN version =2.0.3, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =1.4.0.0, =0.7.0.1, =1.0.0, =1.31.0, =1.31.0, =1.31.0, =2.2.4, =2.2.4, =2.2.4, =2.3.19 - com.exacttarget:fuelsdk =1.1.0 and more Source cves: CVE-2019-12400 Source advisory:...

CVSS 5.5, AI score 6.7, EPSS 0.00776
Exploits: 0

Veracode
added 2019/08/26 3:23 a.m., 27 views

Arbitrary Code Injection

xmlsec is vulnerable to arbitrary code injection. An attacker is able to inject arbitrary code via the caching mechanism that was introduced to speed up the creation of new XML documents...

CVSS 5.5, AI score 4.1, EPSS 0.00776
Exploits: 0, References: 23, Affected Software: 2

Tenable Nessus
added 2019/05/10 12:0 a.m., 36 views

EulerOS Virtualization 2.5.3 : libxml2 (EulerOS-SA-2019-1353)

According to the version of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that...

CVSS 5.5, AI score 7.1, EPSS 0.02938
Exploits: 1, References: 2