← Back

Openid4java

openid4java

Vendor: Openid • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2011-4314
3Kay Framework Project
OpenidRedhat
3Jboss Enterprise Application Platform
Kay FrameworkOpenid4java
Apr 29, 2026
Jan 27, 2012
N/A· v4
N/A· v3
5.8 MEDIUM· v2
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribut...Show more
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.Show less