5.8
CVE-2011-4314
- EPSS 1.29%
- Published 27.01.2012 15:55:04
- Last modified 11.04.2025 00:51:21
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
Data is provided by the National Vulnerability Database (NVD)
Kay Framework Project ≫ Kay Framework Version <= 1.0.1
Kay Framework Project ≫ Kay Framework Version0.0.0 Update-
Kay Framework Project ≫ Kay Framework Version0.1.0
Kay Framework Project ≫ Kay Framework Version0.2.0
Kay Framework Project ≫ Kay Framework Version0.3.0
Kay Framework Project ≫ Kay Framework Version0.8.0
Kay Framework Project ≫ Kay Framework Version1.0.0
Openid ≫ Openid4java Version <= 0.9.5.593
Openid ≫ Openid4java Version0.9.2
Openid ≫ Openid4java Version0.9.3
Openid ≫ Openid4java Version0.9.4.339
Redhat ≫ Jboss Enterprise Application Platform Version5.1.0
Redhat ≫ Jboss Enterprise Application Platform Version5.1.1
Redhat ≫ Jboss Enterprise Application Platform Version5.1.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.29% | 0.788 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.