Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.wss4j/wss4j-ws-security-dom@2.0.2
purl pkg:maven/org.apache.wss4j/wss4j-ws-security-dom@2.0.2
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-6cjx-y4ey-e3b6 Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487. CVE-2015-0226
GHSA-vjwc-5hfh-2vv5
VCID-wmr9-j6fm-pbap Improper security semantics enforcement of SAML SubjectConfirmation methods This package when using `TransportBinding`, does not properly enforce the SAML `SubjectConfirmation` method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors. CVE-2014-3623
GHSA-99v3-9x35-c5vf

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:52:13.931888+00:00 GitLab Importer Fixing VCID-6cjx-y4ey-e3b6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.wss4j/wss4j-ws-security-dom/CVE-2015-0226.yml 38.4.0
2026-04-16T21:48:20.405205+00:00 GitLab Importer Fixing VCID-wmr9-j6fm-pbap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.wss4j/wss4j-ws-security-dom/CVE-2014-3623.yml 38.4.0
2026-04-11T23:08:01.423051+00:00 GitLab Importer Fixing VCID-6cjx-y4ey-e3b6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.wss4j/wss4j-ws-security-dom/CVE-2015-0226.yml 38.3.0
2026-04-11T23:04:13.761173+00:00 GitLab Importer Fixing VCID-wmr9-j6fm-pbap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.wss4j/wss4j-ws-security-dom/CVE-2014-3623.yml 38.3.0
2026-04-04T14:30:07.934398+00:00 GHSA Importer Fixing VCID-6cjx-y4ey-e3b6 https://github.com/advisories/GHSA-vjwc-5hfh-2vv5 38.1.0
2026-04-02T23:16:29.035982+00:00 GitLab Importer Fixing VCID-6cjx-y4ey-e3b6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.wss4j/wss4j-ws-security-dom/CVE-2015-0226.yml 38.1.0
2026-04-02T23:12:35.138038+00:00 GitLab Importer Fixing VCID-wmr9-j6fm-pbap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.wss4j/wss4j-ws-security-dom/CVE-2014-3623.yml 38.1.0
2026-04-01T16:00:58.294798+00:00 GHSA Importer Fixing VCID-wmr9-j6fm-pbap https://github.com/advisories/GHSA-99v3-9x35-c5vf 38.0.0
2026-04-01T13:09:42.414988+00:00 GithubOSV Importer Fixing VCID-wmr9-j6fm-pbap https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-99v3-9x35-c5vf/GHSA-99v3-9x35-c5vf.json 38.0.0
2026-04-01T13:07:36.210296+00:00 GithubOSV Importer Fixing VCID-6cjx-y4ey-e3b6 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vjwc-5hfh-2vv5/GHSA-vjwc-5hfh-2vv5.json 38.0.0
2026-04-01T12:50:40.367963+00:00 GitLab Importer Fixing VCID-6cjx-y4ey-e3b6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.wss4j/wss4j-ws-security-dom/CVE-2015-0226.yml 38.0.0
2026-04-01T12:50:13.646839+00:00 GitLab Importer Fixing VCID-wmr9-j6fm-pbap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.wss4j/wss4j-ws-security-dom/CVE-2014-3623.yml 38.0.0