Known Vulnerabilities for Cxf by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Cxf" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-40690 | All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secur... | 7.5 - HIGH | 2021-09-19 | 2023-11-07 |
| CVE-2021-30468 | A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, ... | 7.5 - HIGH | 2021-06-16 | 2023-11-07 |
| CVE-2021-22696 | CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The O... | 7.5 - HIGH | 2021-04-02 | 2023-11-07 |
| CVE-2020-13954 | By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webp... | 6.1 - MEDIUM | 2020-11-12 | 2023-11-07 |
| CVE-2020-1954 | Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ... | 5.3 - MEDIUM | 2020-04-01 | 2023-11-07 |
| CVE-2019-17573 | By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webp... | 6.1 - MEDIUM | 2020-01-16 | 2023-11-07 |
| CVE-2019-12423 | Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which... | 7.5 - HIGH | 2020-01-16 | 2023-11-07 |
| CVE-2019-12419 | Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect s... | 9.8 - CRITICAL | 2019-11-06 | 2023-11-07 |
| CVE-2019-12406 | Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leave... | 6.5 - MEDIUM | 2019-11-06 | 2023-11-07 |
| CVE-2018-8039 | It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handl... | 8.1 - HIGH | 2018-07-02 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Cxf | 3.4.1 | All | All | All |
| Application | Apache | Cxf | 3.4.0 | All | All | All |
| Application | Apache | Cxf | 3.3.8 | All | All | All |
| Application | Apache | Cxf | 3.3.7 | All | All | All |
| Application | Apache | Cxf | 3.3.6 | All | All | All |
| Application | Apache | Cxf | 3.3.5 | All | All | All |
| Application | Apache | Cxf | 3.3.4 | All | All | All |
| Application | Apache | Cxf | 3.3.3 | All | All | All |
| Application | Apache | Cxf | 3.3.2 | All | All | All |
| Application | Apache | Cxf | 3.3.1 | All | All | All |
| Application | Apache | Cxf | 3.3.0 | All | All | All |
| Application | Apache | Cxf | 3.2.9 | All | All | All |
| Application | Apache | Cxf | 3.2.8 | All | All | All |
| Application | Apache | Cxf | 3.2.7 | All | All | All |
| Application | Apache | Cxf | 3.2.6 | All | All | All |
| Application | Apache | Cxf | 3.2.5 | All | All | All |
| Application | Apache | Cxf | 3.2.4 | All | All | All |
| Application | Apache | Cxf | 3.2.3 | All | All | All |
| Application | Apache | Cxf | 3.2.2 | All | All | All |
| Application | Apache | Cxf | 3.2.13 | All | All | All |