CVE-2011-4314 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2011-4314 Interim 1 3 2021-06-09T09:05:13Z current 2021-05-30T13:00:36Z 2021-06-09T09:05:13Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2011-4314 message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack. CVE-2011-4314 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P