Access token validation errors affects all versions of Apache CXF prior to 3.3.4 and 3.2.11.

Free Trial

Access token validation errors affects all versions of Apache CXF prior to 3.3.4 and 3.2.11.

Overview :

Apache CXF OpenId Connect token service does not properly validate the clientId

Affected Product(s) :

Apache CXF prior to 3.3.4 and 3.2.11.

Vulnerability Details :

CVE ID :

CVE-2019-12419

Apache CXF provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied

If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client.

Solution :

Users of Apache CXF that rely on the OpenId Connect service should update to either the 3.3.4 or 3.2.11 releases.

Contact us to get started

CVE-2024-20418 : CISCO IOS XE CONTROLLER WEB-BASED MANAGEMENT INTERFACE COMMAND INJECTION

Description A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB)

Learn more

CVE-2024-20536 : CISCO DATA CENTER NETWORK MANAGER 12.1.2E/12.1.2P/12.1.3B WEB-BASED MANAGEMENT INTERFACE/REST API ENDPOINT SQL INJECTION

Description A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could

Learn more

CVE-2024-50340 : SYMFONY INJECTION

Description symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the

Learn more