Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2016-09-21	CVE-2016-4464	Improper Access Control vulnerability in Apache CXF Fediz The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature. network low complexity apache CWE-284 critical	9.8