Package details: pkg:rpm/redhat/apache-cxf@2.7.14-1.redhat_1.1.ep6?arch=el7
purl: pkg:rpm/redhat/apache-cxf@2.7.14-1.redhat_1.1.ep6?arch=el7
Next non-vulnerable version: None.
Latest non-vulnerable version: None.
Risk: 3.1
Vulnerabilities affecting this package (5)
| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-18sk-y8hg-dfec (Aliases: CVE-2014-7853) | Subsystem: Information disclosure via incorrect sensitivity classification of attribute | There are no reported fixed by versions. |
| VCID-1hkw-y3nn-zbea (Aliases: CVE-2014-8122, GHSA-338v-3958-8v8r) | Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state. | There are no reported fixed by versions. |
| VCID-ejb2-gj9u-5fcn (Aliases: CVE-2014-7849) | Management: Limited RBAC authorization bypass | There are no reported fixed by versions. |
| VCID-jds7-wgvc-k7hy (Aliases: CVE-2014-7827) | Wrong security context loaded when using SAML2 STS Login Module. The `org.jboss.security.plugins.mapping.JBossMappingManager` implementation in this package uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain. | There are no reported fixed by versions. |
| VCID-w6us-ebca-bygb (Aliases: CVE-2014-7839, GHSA-pc54-pchm-xcw6) | External entities expanded by DocumentProvider. `DocumentProvider` in this package does not configure the external-general-entities or external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors. | There are no reported fixed by versions. |
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-04-01T14:45:23.159936+00:00 | RedHat Importer | Affected by | VCID-w6us-ebca-bygb | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7839.json | 38.0.0 |
| 2026-04-01T14:45:14.931530+00:00 | RedHat Importer | Affected by | VCID-1hkw-y3nn-zbea | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8122.json | 38.0.0 |
| 2026-04-01T14:43:42.478308+00:00 | RedHat Importer | Affected by | VCID-18sk-y8hg-dfec | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7853.json | 38.0.0 |
| 2026-04-01T14:43:37.625861+00:00 | RedHat Importer | Affected by | VCID-ejb2-gj9u-5fcn | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7849.json | 38.0.0 |
| 2026-04-01T14:43:33.022015+00:00 | RedHat Importer | Affected by | VCID-jds7-wgvc-k7hy | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7827.json | 38.0.0 |