CVE-2016-4464

critical

Published 2016-09-21 · Modified 2024-12-02

CVSS v3

9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

7.5

VIR risk

9.8

Description

High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc

Ecosystem	Package	Vulnerable	Fixed
Maven	org.apache.cxf.fediz:fediz-spring	`>=1.2.0,<1.2.3`	`1.2.3`
Maven	org.apache.cxf.fediz:fediz-spring	`>=1.3.0,<1.3.1`	`1.3.1`
Maven	org.apache.cxf.fediz:fediz-spring2	`>=1.2.0,<1.2.3`	`1.2.3`
Maven	org.apache.cxf.fediz:fediz-spring2	`>=1.3.0,<1.3.1`	`1.3.1`

Vendor	Product	Versions
apache	cxf_fediz	`1.2.0`
apache	cxf_fediz	`1.2.1`
apache	cxf_fediz	`1.2.2`
apache	cxf_fediz	`1.3.0`

CWE-284

Verify integrity in audit chain (admin only). AS-IS.