6.5
CVSSv3

CVE-2022-23437

Published: 24/01/2022 Updated: 08/08/2023
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 633
CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C (network-reachable, no authentication, availability impact only)

Vulnerability Summary

The Apache Xerces Java (XercesJ) XML parser fails to terminate when it processes a specially crafted XML document: the parser enters an infinite loop, tying up the parsing thread and its CPU and memory for a prolonged period, which amounts to a denial of service. XercesJ 2.12.1 and all earlier releases are affected; Apache shipped the fix in XercesJ 2.12.2. Any service that parses attacker-supplied XML with an affected XercesJ, whether it depends on the library directly or through a product that bundles it (see the product list below), is exposed.
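An added triage helper for the affected-version statement above; it is example code written for this page, not part of the advisory or of the Xerces-J project. It scans `mvn dependency:list` / `mvn dependency:tree` output for the upstream `xerces:xercesImpl` coordinate and classifies each version found: 2.12.1 and earlier as affected, 2.12.2 and later as fixed. The coordinate set, the constructed sample tree and the separate `check-vendor` status for distributor-qualified builds (for example `2.12.0.SP03`) are assumptions made for illustration.

```python
"""Triage Maven dependency output for Xerces-J builds affected by CVE-2022-23437."""
import re
from typing import Iterable, List, Optional, Tuple

# Apache shipped the fix in Xerces-J 2.12.2; per the advisory, 2.12.1 and
# every earlier release is affected.
FIXED_VERSION = (2, 12, 2)

# Maven coordinates of the upstream Xerces-J parser. Assumption: shaded or
# relocated copies under other groupIds would need adding here.
XERCES_COORDS = {("xerces", "xercesImpl")}

# Matches the "group:artifact:jar:version[:scope]" coordinate that
# `mvn dependency:list` and `mvn dependency:tree` print, wherever it sits on
# the line (tree output prefixes it with "+- " / "\- " art).
COORD_RE = re.compile(
    r"([A-Za-z0-9_.\-]+):([A-Za-z0-9_.\-]+):jar:([A-Za-z0-9_.\-]+)(?::([A-Za-z]+))?"
)


def parse_version(version: str) -> Tuple[Tuple[int, int, int], Optional[str]]:
    """Split '2.12.1' into ((2, 12, 1), None).

    A trailing non-numeric qualifier such as the 'SP03' in '2.12.0.SP03' is
    returned separately so the caller can treat vendor builds differently
    from upstream releases. Missing components are padded with zeros.
    """
    parts = version.split(".")
    numeric: List[int] = []
    qualifier: Optional[str] = None
    for i, part in enumerate(parts):
        if part.isdigit():
            numeric.append(int(part))
        else:
            qualifier = ".".join(parts[i:])
            break
    while len(numeric) < 3:
        numeric.append(0)
    return (numeric[0], numeric[1], numeric[2]), qualifier


def cve_2022_23437_status(version: str) -> str:
    """Return 'affected', 'fixed' or 'check-vendor' for a Xerces-J version."""
    base, qualifier = parse_version(version)
    if base >= FIXED_VERSION:
        return "fixed"
    if qualifier:
        # Distributors (Red Hat, Debian, ...) backport fixes without bumping
        # the upstream version number, so a qualified build has to be judged
        # against that vendor's advisory rather than by number alone.
        return "check-vendor"
    return "affected"


def triage_dependency_output(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return [(coordinate, version, status)] for each Xerces-J dependency
    found in Maven dependency:list / dependency:tree output."""
    findings = []
    for line in lines:
        match = COORD_RE.search(line)
        if not match:
            continue
        group, artifact, version, _scope = match.groups()
        if (group, artifact) not in XERCES_COORDS:
            continue
        findings.append((f"{group}:{artifact}", version, cve_2022_23437_status(version)))
    return findings


# Constructed sample of `mvn dependency:tree` output (not from any real
# project). It mixes an affected upstream build, a fixed build and a
# vendor-qualified build.
SAMPLE_TREE = """\
[INFO] com.example:app:jar:1.0.0
[INFO] +- xerces:xercesImpl:jar:2.12.1:compile
[INFO] |  \\- xml-apis:xml-apis:jar:1.4.01:compile
[INFO] +- org.example:service:jar:3.1.0:compile
[INFO] |  \\- xerces:xercesImpl:jar:2.12.2:compile
[INFO] \\- org.example:legacy:jar:0.9:compile
[INFO]    \\- xerces:xercesImpl:jar:2.12.0.SP03:compile
"""

if __name__ == "__main__":
    for coord, ver, status in triage_dependency_output(SAMPLE_TREE.splitlines()):
        print(f"{coord} {ver}: {status}")
```

Two caveats when using this against real builds. The vendor advisories listed further down (Red Hat, Debian, Hitachi) patch this CVE under their own version schemes, so a `check-vendor` result is resolved by reading that advisory, not by the upstream number. And the Oracle and NetApp products in the list above ship Xerces-J inside their own archives, where it never appears in a Maven tree at all; for those, inspect the bundled jars (for example the `Implementation-Version` in `META-INF/MANIFEST.MF`) or rely on the vendor's patch level.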

Vulnerable Products

apache xerces-j

oracle ilearning 6.2

oracle flexcube universal banking 12.4.0

oracle weblogic server 12.2.1.3.0

oracle agile plm 9.3.6

oracle weblogic server 12.2.1.4.0

oracle peoplesoft enterprise peopletools 8.58

oracle weblogic server 14.1.1.0.0

oracle retail bulk data integration 16.0.3.0

oracle retail merchandising system 16.0.3

oracle global lifecycle management nextgen oui framework 13.9.4.2.2

oracle agile engineering data management 6.2.1.0

oracle retail service backbone 16.0.3

oracle retail financial integration 16.0.3

oracle retail integration bus 16.0.3

oracle peoplesoft enterprise peopletools 8.59

oracle retail service backbone 15.0.3.1

oracle retail service backbone 14.1.3.2

oracle financial services enterprise case management 8.0.7.2.0

oracle banking party management 2.7.0

oracle retail merchandising system 19.0.1

oracle retail integration bus 14.1.3.2

oracle retail financial integration 14.1.3.2

oracle retail extract transform and load 13.2.8

oracle retail integration bus 15.0.3.1

oracle retail financial integration 15.0.3.1

oracle communications asap 7.3

oracle ilearning 6.3

oracle retail service backbone 19.0.1

oracle retail integration bus 19.0.1

oracle retail financial integration 19.0.1

oracle product lifecycle analytics 3.6.1

oracle financial services enterprise case management 8.0.8.1

oracle financial services enterprise case management 8.1.1.0

oracle financial services enterprise case management 8.1.1.1

oracle financial services behavior detection platform 8.1.2.0

oracle financial services behavior detection platform 8.1.1.1

oracle financial services behavior detection platform 8.1.1.0

oracle financial services enterprise case management 8.0.7.1

oracle financial services enterprise case management 8.0.8.0

oracle communications element manager

oracle financial services analytical applications infrastructure

oracle communications session report manager

oracle financial services behavior detection platform

oracle communications session route manager

oracle financial services crime and compliance management studio 8.0.8.2.0

oracle financial services crime and compliance management studio 8.0.8.3.0

oracle global lifecycle management nextgen oui framework

oracle primavera gateway

oracle global lifecycle management opatch

oracle health sciences information manager

oracle health sciences information manager 3.0.0.1

oracle banking deposits and lines of credit servicing 2.7

netapp active iq unified manager

Vendor Advisories

Debian Bug report logs - #1016975 libxerces2-java: CVE-2022-23437. Package: src:libxerces2-java; Maintainer for src:libxerces2-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Wed, 10 Aug 2022 20:12:01 UTC; Severity: important; Tags: s ...
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update. Type/Severity: Security Advisory: Moderate. Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring S ...
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8. Type/Severity: Security Advisory: Moderate. Topic: A security update is now available for Red Hat JBoss Enterprise Application P ...
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7. Type/Severity: Security Advisory: Moderate. Topic: A security update is now available for Red Hat JBoss Enterprise Application P ...
Synopsis: Important: Red Hat Process Automation Manager 7.13.1 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives ...
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions ...
A vulnerability (CVE-2022-23437) exists in Cosminexus XML Processor. Affected products and versions are listed below. Please upgrade your version to the appropriate version. These vulnerabilities exist in Cosminexus XML Processor, which is a component product of other Hitachi products. For details about the fixed version about Cosminexus products ...
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services: CVE-2019-10219, CVE-2020-10693, CVE-2020-25638, CVE-2021-28170, CVE-2022-0866, CVE-2022-1278, CVE-2022-1466, CVE-2022-2625, CVE-2022-2764, CVE-2022-23437. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...

Mailing Lists

oss-sec mailing list archives: CVE-2022-23437: Infinite loop within Apache XercesJ xml parser. From: Mu ...