{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2011-4314","title":"Title"},{"category":"description","text":"message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2011-4314","url":"https://www.suse.com/security/cve/CVE-2011-4314"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 735883 for CVE-2011-4314","url":"https://bugzilla.suse.com/735883"},{"category":"external","summary":"SUSE Bug 735884 for CVE-2011-4314","url":"https://bugzilla.suse.com/735884"}],"title":"SUSE CVE CVE-2011-4314","tracking":{"current_release_date":"2023-02-15T05:50:02Z","generator":{"date":"2023-02-15T05:50:02Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2011-4314","initial_release_date":"2023-02-15T05:50:02Z","revision_history":[{"date":"2023-02-15T05:50:02Z","number":"2","summary":"Current version"}],"status":"interim","version":"2"}}}