Vulnerabilities > Apache > Tomee > 4.0.0

DATE CVE VULNERABILITY TITLE RISK
2021-09-19 CVE-2021-40690 Information Exposure vulnerability in multiple products
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element.
network
low complexity
apache debian oracle CWE-200
7.5
7.5
2018-07-23 CVE-2018-8031 Cross-site Scripting vulnerability in Apache Tomee
The Apache TomEE console (tomee-webapp) has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL.
network
low complexity
apache CWE-79
6.1
6.1