VulnerableCode Package Details - pkg:rpm/redhat/eap7-apache-cxf@3.3.7-1.redhat

Search for packages

Vulnerability	Summary	Fixed by
VCID-c3c2-b2bc-6bdh Aliases: CVE-2020-14338 GHSA-w4jq-qh47-hvjq	Improper Input Validation A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3.	There are no reported fixed by versions.
VCID-fekg-fn5e-augk Aliases: CVE-2020-1954 GHSA-ffm7-7r8g-77xm	Exposure of Sensitive Information to an Unauthorized Actor in Apache CXF Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.	There are no reported fixed by versions.
VCID-jcvv-g8kh-ffag Aliases: CVE-2020-14340 GHSA-c738-77x8-wmq5	Uncontrolled Resource Consumption in XNIO A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.	There are no reported fixed by versions.
VCID-whfh-hycv-7yft Aliases: CVE-2020-14299	picketbox: JBoss EAP reload to admin-only mode allows authentication bypass	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-c3c2-b2bc-6bdh
Aliases:
CVE-2020-14338
GHSA-w4jq-qh47-hvjq

Improper Input Validation A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3.

There are no reported fixed by versions.

VCID-fekg-fn5e-augk
Aliases:
CVE-2020-1954
GHSA-ffm7-7r8g-77xm

Exposure of Sensitive Information to an Unauthorized Actor in Apache CXF Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.

There are no reported fixed by versions.

VCID-jcvv-g8kh-ffag
Aliases:
CVE-2020-14340
GHSA-c738-77x8-wmq5

Uncontrolled Resource Consumption in XNIO A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.

There are no reported fixed by versions.

VCID-whfh-hycv-7yft
Aliases:
CVE-2020-14299

picketbox: JBoss EAP reload to admin-only mode allows authentication bypass

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:09:25.545092+00:00	RedHat Importer	Affected by	VCID-fekg-fn5e-augk	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1954.json	38.0.0
2026-04-01T14:05:32.262746+00:00	RedHat Importer	Affected by	VCID-jcvv-g8kh-ffag	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14340.json	38.0.0
2026-04-01T14:04:53.110044+00:00	RedHat Importer	Affected by	VCID-c3c2-b2bc-6bdh	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14338.json	38.0.0
2026-04-01T14:04:15.143983+00:00	RedHat Importer	Affected by	VCID-whfh-hycv-7yft	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14299.json	38.0.0