7.1
CVE-2022-23437
- EPSS 0.09%
- Published 24.01.2022 15:15:09
- Last modified 21.11.2024 06:48:33
- Source security@apache.org
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.
Data provided by the National Vulnerability Database (NVD)
Oracle ≫ Agile Engineering Data Management Version 6.2.1.0
Oracle ≫ Banking Deposits And Lines Of Credit Servicing Version 2.7
Oracle ≫ Banking Party Management Version 2.7.0
Oracle ≫ Communications Asap Version 7.3
Oracle ≫ Communications Element Manager Version < 9.0
Oracle ≫ Communications Session Report Manager Version < 9.0
Oracle ≫ Communications Session Route Manager Version < 9.0
Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 8.0.6.0.0 <= 8.0.9.0
Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 8.1.0.0 < 8.1.2.0
Oracle ≫ Financial Services Behavior Detection Platform Version >= 8.0.6.0.0 <= 8.0.8.0
Oracle ≫ Financial Services Behavior Detection Platform Version 8.1.1.0
Oracle ≫ Financial Services Behavior Detection Platform Version 8.1.1.1
Oracle ≫ Financial Services Behavior Detection Platform Version 8.1.2.0
Oracle ≫ Financial Services Crime And Compliance Management Studio Version 8.0.8.2.0
Oracle ≫ Financial Services Crime And Compliance Management Studio Version 8.0.8.3.0
Oracle ≫ Financial Services Enterprise Case Management Version 8.0.7.1
Oracle ≫ Financial Services Enterprise Case Management Version 8.0.7.2.0
Oracle ≫ Financial Services Enterprise Case Management Version 8.0.8.0
Oracle ≫ Financial Services Enterprise Case Management Version 8.0.8.1
Oracle ≫ Financial Services Enterprise Case Management Version 8.1.1.0
Oracle ≫ Financial Services Enterprise Case Management Version 8.1.1.1
Oracle ≫ Flexcube Universal Banking Version 12.4.0
Oracle ≫ Global Lifecycle Management Nextgen Oui Framework Version < 13.9.4.2.2
Oracle ≫ Global Lifecycle Management Nextgen Oui Framework Version 13.9.4.2.2
Oracle ≫ Global Lifecycle Management Opatch Version < 12.2.0.1.30
Oracle ≫ Health Sciences Information Manager Version >= 3.0.1 <= 3.0.5
Oracle ≫ Health Sciences Information Manager Version 3.0.0.1
Oracle ≫ Peoplesoft Enterprise Peopletools Version 8.58
Oracle ≫ Peoplesoft Enterprise Peopletools Version 8.59
Oracle ≫ Primavera Gateway Version >= 17.7 <= 17.12.11
Oracle ≫ Primavera Gateway Version >= 18.8.0 <= 18.8.14
Oracle ≫ Primavera Gateway Version >= 19.12.0 <= 19.12.13
Oracle ≫ Primavera Gateway Version >= 20.12.0 <= 20.12.8
Oracle ≫ Product Lifecycle Analytics Version 3.6.1
Oracle ≫ Retail Bulk Data Integration Version 16.0.3.0
Oracle ≫ Retail Extract Transform And Load Version 13.2.8
Oracle ≫ Retail Financial Integration Version 14.1.3.2
Oracle ≫ Retail Financial Integration Version 15.0.3.1
Oracle ≫ Retail Financial Integration Version 16.0.3
Oracle ≫ Retail Financial Integration Version 19.0.1
Oracle ≫ Retail Integration Bus Version 14.1.3.2
Oracle ≫ Retail Integration Bus Version 15.0.3.1
Oracle ≫ Retail Integration Bus Version 16.0.3
Oracle ≫ Retail Integration Bus Version 19.0.1
Oracle ≫ Retail Merchandising System Version 16.0.3
Oracle ≫ Retail Merchandising System Version 19.0.1
Oracle ≫ Retail Service Backbone Version 14.1.3.2
Oracle ≫ Retail Service Backbone Version 15.0.3.1
Oracle ≫ Retail Service Backbone Version 16.0.3
Oracle ≫ Retail Service Backbone Version 19.0.1
Oracle ≫ Weblogic Server Version 12.2.1.3.0
Oracle ≫ Weblogic Server Version 12.2.1.4.0
Oracle ≫ Weblogic Server Version 14.1.1.0.0
Netapp ≫ Active Iq Unified Manager Version - SwPlatform windows
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.09% | 0.265 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
nvd@nist.gov | 7.1 | 8.6 | 6.9 | AV:N/AC:M/Au:N/C:N/I:N/A:C |
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.