Published: 24/01/2022 Updated: 21/11/2024

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache xerces-j
oracle agile engineering data management 6.2.1.0
oracle agile plm 9.3.6
oracle banking deposits and lines of credit servicing 2.7
oracle banking party management 2.7.0
oracle communications asap 7.3
oracle communications element manager
oracle communications session report manager
oracle communications session route manager
oracle financial services analytical applications infrastructure
oracle financial services behavior detection platform
oracle financial services behavior detection platform 8.1.1.0
oracle financial services behavior detection platform 8.1.1.1
oracle financial services behavior detection platform 8.1.2.0
oracle financial services crime and compliance management studio 8.0.8.2.0
oracle financial services crime and compliance management studio 8.0.8.3.0
oracle financial services enterprise case management 8.0.7.1
oracle financial services enterprise case management 8.0.7.2.0
oracle financial services enterprise case management 8.0.8.0
oracle financial services enterprise case management 8.0.8.1
oracle financial services enterprise case management 8.1.1.0
oracle financial services enterprise case management 8.1.1.1
oracle flexcube universal banking 12.4.0
oracle global lifecycle management nextgen oui framework
oracle global lifecycle management nextgen oui framework 13.9.4.2.2
oracle global lifecycle management opatch
oracle health sciences information manager
oracle health sciences information manager 3.0.0.1
oracle ilearning 6.2
oracle ilearning 6.3
oracle peoplesoft enterprise peopletools 8.58
oracle peoplesoft enterprise peopletools 8.59
oracle primavera gateway
oracle product lifecycle analytics 3.6.1
oracle retail bulk data integration 16.0.3.0
oracle retail extract transform and load 13.2.8
oracle retail financial integration 14.1.3.2
oracle retail financial integration 15.0.3.1
oracle retail financial integration 16.0.3
oracle retail financial integration 19.0.1
oracle retail integration bus 14.1.3.2
oracle retail integration bus 15.0.3.1
oracle retail integration bus 16.0.3
oracle retail integration bus 19.0.1
oracle retail merchandising system 16.0.3
oracle retail merchandising system 19.0.1
oracle retail service backbone 14.1.3.2
oracle retail service backbone 15.0.3.1
oracle retail service backbone 16.0.3
oracle retail service backbone 19.0.1
oracle weblogic server 12.2.1.3.0
oracle weblogic server 12.2.1.4.0
oracle weblogic server 14.1.1.0.0
netapp active iq unified manager -

Debian Bug report logs - #1016975 libxerces2-java: CVE-2022-23437 Package: src:libxerces2-java; Maintainer for src:libxerces2-java is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Wed, 10 Aug 2022 20:12:01 UTC Severity: important Tags: s ...

Synopsis Moderate: Red Hat JBoss Enterprise Application Platform 745 security update on RHEL 8 Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update is now available for Red Hat JBoss Enterprise Application P ...

Synopsis Moderate: Red Hat JBoss Enterprise Application Platform 745 security update Type/Severity Security Advisory: Moderate Topic A security update is now available for Red Hat JBoss Enterprise Application Platform 74Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring S ...

Synopsis Important: Red Hat Process Automation Manager 7131 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Process Automation ManagerRed Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) base score, which gives ...

Synopsis Moderate: Red Hat JBoss Enterprise Application Platform 745 security update on RHEL 7 Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic A security update is now available for Red Hat JBoss Enterprise Application P ...

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration This vulnerability is present within XercesJ version 2121 and the previous versions ...

A vulnerability (CVE-2022-23437) exists in Cosminexus XML Processor Affected products and versions are listed below Please upgrade your version to the appropriate version These vulnerabilities exist in Cosminexus XML Processor, which is a component product of other Hitachi products For details about the fixed version about Cosminexus products ...

Multiple vulnerabilities have been found in Hitachi Ops Center Common Services CVE-2019-10219, CVE-2020-10693, CVE-2020-25638, CVE-2021-28170, CVE-2022-0866, CVE-2022-1278, CVE-2022-1466, CVE-2022-2625, CVE-2022-2764, CVE-2022-23437 Affected products and versions are listed below Please upgrade your version to the appropriate version ...

To: oss-security () lists openwall com Reply-To: j-dev () xerces apache org Subject: CVE-2022-23437: Infinite loop within Apache XercesJ xml parser Severity: high Description: There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads This causes, the XercesJ XML parser to wa ...

CWE-835 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016975 https://nvd.nist.gov https://www.first.org/epss http://www.openwall.com/lists/oss-security/2022/01/24/3 https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl https://security.netapp.com/advisory/ntap-20221028-0005/https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html http://www.openwall.com/lists/oss-security/2022/01/24/3 https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl https://security.netapp.com/advisory/ntap-20221028-0005/https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html

CVE-2022-23437

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect