Vulnerability details: VCID-dgtk-ndck-t7d9
Vulnerability ID VCID-dgtk-ndck-t7d9
Aliases CVE-2010-2057
GHSA-4fv4-cq5v-x45m
Summary Encrypted view state does not include MAC. `shared/util/StateUtils.java` in this package uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Weaknesses (4)
System Score Found at
epss 0.00592 https://api.first.org/data/v1/epss?cve=CVE-2010-2057
epss 0.01039 https://api.first.org/data/v1/epss?cve=CVE-2010-2057
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=623799
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-4fv4-cq5v-x45m
generic_textual MODERATE https://issues.apache.org/jira/browse/MYFACES-2749
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2010-2057
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2010-2057
generic_textual MODERATE http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java?r1=943327&r2=951801
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2010-2057
https://bugzilla.redhat.com/show_bug.cgi?id=623799
https://issues.apache.org/jira/browse/MYFACES-2749
https://nvd.nist.gov/vuln/detail/CVE-2010-2057
http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java?r1=943327&r2=951801
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2057
cpe:2.3:a:apache:myfaces:1.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:1.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:1.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:1.1.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:1.1.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:1.1.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:1.1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:1.1.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:1.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:1.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:1.2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:1.2.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:1.2.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:1.2.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:1.2.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:myfaces:2.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:myfaces:2.0.0:*:*:*:*:*:*:*
GHSA-4fv4-cq5v-x45m https://github.com/advisories/GHSA-4fv4-cq5v-x45m
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2010-2057
Exploit Prediction Scoring System (EPSS)
Percentile 0.69163
EPSS Score 0.00592
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:46:45.996225+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.myfaces.core/myfaces-impl/CVE-2010-2057.yml 38.0.0