cve/2022/CVE-2022-4245.md

### [CVE-2022-4245](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4245)
![](https://img.shields.io/static/v1?label=Product&message=A-MQ%20Clients%202&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=RHINT%20Camel-K-1.10.1&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=RHPAM%207.13.1%20async&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20A-MQ%20Online&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Data%20Grid%208&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Decision%20Manager%207&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20Quarkus&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Change%20Data%20Capture&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Service%20Registry&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20A-MQ%207&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Data%20Grid%207&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%206&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%20Expansion%20Pack&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Fuse%206&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Fuse%207&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Fuse%20Service%20Works%206&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Web%20Server%203&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Web%20Server%205&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Application%20Runtimes&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Process%20Automation%207&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Software%20Collections&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20for%20Spring%20Boot&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20support%20for%20Spring%20Boot&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=XML%20Injection%20(aka%20Blind%20XPath%20Injection)&color=brighgreen)

### Description

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2022-4245](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4245)`
			`![](https://img.shields.io/static/v1?label=Product&message=A-MQ%20Clients%202&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=RHINT%20Camel-K-1.10.1&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=RHPAM%207.13.1%20async&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20A-MQ%20Online&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Data%20Grid%208&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Decision%20Manager%207&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20Quarkus&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Change%20Data%20Capture&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Service%20Registry&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20A-MQ%207&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Data%20Grid%207&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%206&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%20Expansion%20Pack&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Fuse%206&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Fuse%207&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Fuse%20Service%20Works%206&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Web%20Server%203&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Web%20Server%205&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Application%20Runtimes&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Process%20Automation%207&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Software%20Collections&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20for%20Spring%20Boot&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20support%20for%20Spring%20Boot&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=XML%20Injection%20(aka%20Blind%20XPath%20Injection)&color=brighgreen)`

			`### Description`

			`A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`