Skip to main content

Wss4J

3 CVEs product

Monthly

CVE-2015-0226 Maven HIGH PATCH This Week

Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Wss4J
NVD
CVSS 3.0
7.5
EPSS
5.2%
CVE-2015-0227 Maven MEDIUM PATCH This Month

Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks.". Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.9%.

Privilege Escalation Apache Wss4J
NVD
CVSS 2.0
5.0
EPSS
13.9%
CVE-2014-3623 Maven MEDIUM PATCH This Month

Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Authentication Bypass Wss4J Cxf
NVD
CVSS 2.0
5.0
EPSS
2.5%
EPSS 5% CVSS 7.5
HIGH PATCH This Week

Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Wss4J
NVD
EPSS 14% CVSS 5.0
MEDIUM PATCH This Month

Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks.". Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.9%.

Privilege Escalation Apache Wss4J
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Authentication Bypass Wss4J +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy