Apache Software Foundation TomEE 4.0.0 Beta 2

CPE Details

Apache Software Foundation TomEE 4.0.0 Beta 2
apache
tomee
4.0.0
2018-09-24
12h02 +00:00
2018-09-24
12h02 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:apache:tomee:4.0.0:beta2:*:*:*:*:*:*

Informations

Vendor

apache

Product

tomee

Version

4.0.0

Update

beta2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-40690 2021-09-18 22h00 +00:00 All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
7.5
High
CVE-2018-8031 2018-07-23 22h00 +00:00 The Apache TomEE console (tomee-webapp) has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles do not ship with this application included. This issue can be mitigated by removing the application after TomEE is setup (if using the application to install TomEE), using one of the provided pre-configured bundles, or by upgrading to TomEE 7.0.5. This issue is resolve in this commit: b8bbf50c23ce97dd64f3a5d77f78f84e47579863.
6.1
Medium