Vulnerability details: VCID-gm75-7u37-qbge
Vulnerability ID VCID-gm75-7u37-qbge
Aliases CVE-2011-4314
GHSA-j473-c3rr-rx9p
Summary OpenID4Java does not verify that Attribute Exchange (AX) information is signed. message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products, does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
System Score Found at
generic_textual MODERATE http://openid.net/2011/05/05/attribute-exchange-security-alert
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2012-0441.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2012-0519.html
epss 0.00555 https://api.first.org/data/v1/epss?cve=CVE-2011-4314
epss 0.00571 https://api.first.org/data/v1/epss?cve=CVE-2011-4314
epss 0.00783 https://api.first.org/data/v1/epss?cve=CVE-2011-4314
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-j473-c3rr-rx9p
generic_textual MODERATE https://github.com/jbufu/openid4java
generic_textual MODERATE https://issues.jboss.org/browse/JBEPP-1368
generic_textual MODERATE https://issues.jboss.org/browse/SOA-3597
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2011-4314
generic_textual MODERATE https://web.archive.org/web/20201207151157/http://securitytracker.com/id?1026400
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2011/11/16/1
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2011/11/17/1
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2011-1804.html
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.68049
EPSS Score 0.00555
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:11:24.264683+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j473-c3rr-rx9p/GHSA-j473-c3rr-rx9p.json 38.0.0