Jboss Fuse Esb Enterprise
Monthly
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.