cxf-rt-management is vulnerable to information disclosure. The vulnerability exists as registry rebind was not prevented, allowing another instance on the same host to connect to the registry and rebind the entry to another server.
cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1&modificationDate=1585730169000&api=v2
github.com/apache/cxf/commit/8636c3760a97979f42e45080230a27b81df5d436
github.com/apache/cxf/commit/98ec361acd390483005de12ca3b10cf49cbdcf8a
github.com/apache/cxf/pull/641
lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
security.netapp.com/advisory/ntap-20220210-0001/
www.oracle.com/security-alerts/cpuoct2020.html