{"url":"http://public2.vulnerablecode.io/api/packages/52015?format=json","purl":"pkg:maven/org.apache.ws.security/wss4j@1.6.17","type":"maven","namespace":"org.apache.ws.security","name":"wss4j","version":"1.6.17","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.2.0","latest_non_vulnerable_version":"2.02","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37765?format=json","vulnerability_id":"VCID-4whf-68hm-6be4","summary":"Improper security semantics enforcement of SAML SubjectConfirmation methods\nThis package when using `TransportBinding`, does not properly enforce the SAML `SubjectConfirmation` method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0236.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0236.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3623.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3623.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3623","reference_id":"","reference_type":"","scores":[{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85586","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3623"},{"reference_url":"http://seclists.org/oss-sec/2014/q4/437","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2014/q4/437"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/97754","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/97754"},{"reference_url":"https://issues.apache.org/jira/browse/WSS-511","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WSS-511"},{"reference_url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1157304","reference_id":"1157304","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1157304"},{"reference_url":"https://bugzilla.redhat.com/CVE-2014-3623","reference_id":"CVE-2014-3623","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/CVE-2014-3623"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3623","reference_id":"CVE-2014-3623","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3623"},{"reference_url":"http://cxf.apache.org/security-advisories.data/CVE-2014-3623.txt.asc","reference_id":"CVE-2014-3623.TXT.ASC","reference_type":"","scores":[],"url":"http://cxf.apache.org/security-advisories.data/CVE-2014-3623.txt.asc"},{"reference_url":"https://github.com/advisories/GHSA-99v3-9x35-c5vf","reference_id":"GHSA-99v3-9x35-c5vf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-99v3-9x35-c5vf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:2019","reference_id":"RHSA-2014:2019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:2019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:2020","reference_id":"RHSA-2014:2020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:2020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0236","reference_id":"RHSA-2015:0236","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0236"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0675","reference_id":"RHSA-2015:0675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0850","reference_id":"RHSA-2015:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0851","reference_id":"RHSA-2015:0851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0851"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52015?format=json","purl":"pkg:maven/org.apache.ws.security/wss4j@1.6.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ws.security/wss4j@1.6.17"}],"aliases":["CVE-2014-3623","GHSA-99v3-9x35-c5vf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4whf-68hm-6be4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43886?format=json","vulnerability_id":"VCID-axqp-xsr5-yqej","summary":"Improper Access Control in Apache WSS4J\nApache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to \"wrapping attacks.\"","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0773.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0773.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0846.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0846.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0847.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0847.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0848.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0848.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0849.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0849.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1176.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1176.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1177.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1177.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0227.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0227.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0227","reference_id":"","reference_type":"","scores":[{"value":"0.13872","scoring_system":"epss","scoring_elements":"0.94434","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0227"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/100837","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/100837"},{"reference_url":"https://github.com/apache/wss4j/commit/5ec5295c9773c9ae43fdc6c3321d0e2af1041e62","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/wss4j/commit/5ec5295c9773c9ae43fdc6c3321d0e2af1041e62"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"http://ws.apache.org/wss4j/advisories/CVE-2015-0227.txt.asc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ws.apache.org/wss4j/advisories/CVE-2015-0227.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191451","reference_id":"1191451","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191451"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777741","reference_id":"777741","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777741"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0227","reference_id":"CVE-2015-0227","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0227"},{"reference_url":"https://github.com/advisories/GHSA-6r5v-hp32-fjqw","reference_id":"GHSA-6r5v-hp32-fjqw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6r5v-hp32-fjqw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0773","reference_id":"RHSA-2015:0773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0846","reference_id":"RHSA-2015:0846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0847","reference_id":"RHSA-2015:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0848","reference_id":"RHSA-2015:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0849","reference_id":"RHSA-2015:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1176","reference_id":"RHSA-2015:1176","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1177","reference_id":"RHSA-2015:1177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1177"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52015?format=json","purl":"pkg:maven/org.apache.ws.security/wss4j@1.6.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ws.security/wss4j@1.6.17"},{"url":"http://public2.vulnerablecode.io/api/packages/63107?format=json","purl":"pkg:maven/org.apache.ws.security/wss4j@2.2.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ws.security/wss4j@2.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/156125?format=json","purl":"pkg:maven/org.apache.ws.security/wss4j@2.02","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ws.security/wss4j@2.02"}],"aliases":["CVE-2015-0227","GHSA-6r5v-hp32-fjqw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-axqp-xsr5-yqej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43996?format=json","vulnerability_id":"VCID-s2q7-ybj4-ubg5","summary":"Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J\nApache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0846.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0846.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0847.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0847.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0848.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0848.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0849.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0849.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1176.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1176.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1177.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1177.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1376","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:1376"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0226.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0226.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0226","reference_id":"","reference_type":"","scores":[{"value":"0.0521","scoring_system":"epss","scoring_elements":"0.90107","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0226"},{"reference_url":"https://github.com/apache/ws-wss4j","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/ws-wss4j"},{"reference_url":"https://github.com/apache/ws-wss4j/commit/970b3e3756e2c75bf2379ce198365e1a7168c3c3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/ws-wss4j/commit/970b3e3756e2c75bf2379ce198365e1a7168c3c3"},{"reference_url":"https://github.com/apache/ws-wss4j/commit/de5104b30ddde5fe7388ad57e1c5ace5c5509924","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/ws-wss4j/commit/de5104b30ddde5fe7388ad57e1c5ace5c5509924"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1621329","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=1621329"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191446","reference_id":"1191446","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191446"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777741","reference_id":"777741","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777741"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0226","reference_id":"CVE-2015-0226","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0226"},{"reference_url":"https://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc","reference_id":"CVE-2015-0226.TXT.ASC","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc"},{"reference_url":"https://github.com/advisories/GHSA-vjwc-5hfh-2vv5","reference_id":"GHSA-vjwc-5hfh-2vv5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vjwc-5hfh-2vv5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0773","reference_id":"RHSA-2015:0773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0846","reference_id":"RHSA-2015:0846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0847","reference_id":"RHSA-2015:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0848","reference_id":"RHSA-2015:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0849","reference_id":"RHSA-2015:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1176","reference_id":"RHSA-2015:1176","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1177","reference_id":"RHSA-2015:1177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1177"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52015?format=json","purl":"pkg:maven/org.apache.ws.security/wss4j@1.6.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ws.security/wss4j@1.6.17"}],"aliases":["CVE-2015-0226","GHSA-vjwc-5hfh-2vv5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s2q7-ybj4-ubg5"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ws.security/wss4j@1.6.17"}