VDB

GCVE-110-MAGEIA-2014-552

GCVE-110-MAGEIA-2014-552
Advisory Published
Vulnetix · Advisory published December 26, 2014
Updated wss4j packages fixes security vulnerability: Apache WSS4J before 1.6.17, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors (CVE-2014-3623).

Affected Products

VendorProductVersionsPlatforms
Mageiawss4j0 (affected), 1.6.17-1.mga4 (unaffected)

Browse GCVE Records

73,053 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›