Search for packages
| purl | pkg:maven/org.apache.cxf/cxf-rt-management@3.0.0-milestone2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-kxm6-jc3k-3bfp
Aliases: CVE-2020-1954 GHSA-ffm7-7r8g-77xm |
Apache CXF JMX Integration is vulnerable to a MITM attack Apache CXF has the ability to integrate with JMX by registering an `InstrumentationManager` extension with the CXF bus. If the `createMBServerConnectorFactory` property of the default `InstrumentationManagerImpl` is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-01T09:30:55.070043+00:00 | GitLab Importer | Affected by | VCID-kxm6-jc3k-3bfp | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-management/CVE-2020-1954.yml | 37.0.0 |