Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache Cxf
APPApache3.2.0 – 3.2.11 (bez)3.3.0 – 3.3.4 (bez)Oracle Commerce Guided Search
APPOracle11.3.2Oracle Enterprise Manager Base Platform
APPOracle13.2.1.0Oracle Flexcube Private Banking
APPOracle12.0.012.1.0Oracle Retail Order Broker
APPOracle15.0
Related vulnerabilities
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection ...
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: ...
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: ...
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: ...
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: ...