Advisories for Maven/Org.apache.wss4j/Wss4j package

2020

Use of a Broken or Risky Cryptographic Algorithm

The implementations of PKCS#1 key transport mechanism for XMLEncryption Apache WSS4J is susceptible to a Bleichenbacher attack.

2014

Improper security semantics enforcement of SAML SubjectConfirmation methods

This package when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.