{ "id": "CVE-2022-23437", "sourceIdentifier": "security@apache.org", "published": "2022-01-24T15:15:09.317", "lastModified": "2022-12-07T01:45:21.733", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions." }, { "lang": "es", "value": "Se presenta una vulnerabilidad en el analizador XML de Apache Xerces Java (XercesJ) cuando maneja cargas \u00fatiles de documentos XML especialmente dise\u00f1ados. Esto causa que el analizador XML de XercesJ espere en un bucle infinito, lo que a veces puede consumir recursos del sistema durante un tiempo prolongado. Esta vulnerabilidad est\u00e1 presente en XercesJ versi\u00f3n 2.12.1, y en versiones anteriores" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1 }, "baseSeverity": "HIGH", "exploitabilityScore": 8.6, "impactScore": 6.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-91" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:apache:xerces-j:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.12.1", "matchCriteriaId": "35BFF235-489B-4262-94F4-061317ED4EAE" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "ED63D221-31FA-480F-802F-844334F429F5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "C542DC5E-6657-4178-9C69-46FD3C187D56" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "3141B86F-838D-491A-A8ED-3B7C54EA89C1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "versionEndExcluding": "9.0", "matchCriteriaId": "02712DD6-D944-4452-8015-000B9851D257" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "versionEndExcluding": "9.0", "matchCriteriaId": "274BCA96-2E6A-4B77-B69E-E2093A668D28" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "versionEndExcluding": "9.0", "matchCriteriaId": "8D4B738B-08CF-44F6-A939-39F5BEAF03B2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.6.0.0", "versionEndIncluding": "8.0.9.0", "matchCriteriaId": "E4A07A20-CDE7-40A8-B24A-D4181C4398A0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.1.0.0", "versionEndExcluding": "8.1.2.0", "matchCriteriaId": "83DEEFFB-058D-4ABD-9083-AF70772D7010" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.6.0.0", "versionEndIncluding": "8.0.8.0", "matchCriteriaId": "147A4225-A2D5-4AA1-96D1-6D95A192B596" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4B3A10E-70A8-4332-8567-06AE2C45D3C6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "059F0D4E-B007-4986-AB95-89F11147CB2B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6CAC78AD-86BB-4F06-B8CF-8E1329987F2F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "55F091C7-0869-4FD6-AC73-DA697D990304" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D134C60-F9E2-46C2-8466-DB90AD98439E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "C64D669C-513E-4C53-8BB8-13EB336CDC3A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "18E7AC20-F70C-4A92-817D-94CE9FB3EB0D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F6394E90-2F2C-4955-9F97-BFED76D4333B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "5B5DC0C1-789B-4126-8C6D-DEDE83AA2D2E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "44563108-AD89-49A0-9FA5-7DE5A5601D2C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCA5DC3F-E7D8-45E3-8114-2213EC631CDF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:12.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3D55FB5-8ED8-4797-B5BC-545477AF7347" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:*:*:*:*:*:*:*:*", "versionEndExcluding": "13.9.4.2.2", "matchCriteriaId": "EE85204F-614D-4EF1-ABEB-B3CD381C2CB0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "5A6FFB5C-EB44-499F-BE81-24ED2B1F201A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "versionEndExcluding": "12.2.0.1.30", "matchCriteriaId": "8F0728F8-14D0-4282-9CA7-EFCD68EE77AF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0.1", "versionEndIncluding": "3.0.5", "matchCriteriaId": "D450B848-371E-4401-9DB0-27AF31B5D5EA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4BE4F581-7DEF-4417-A55D-561BDAC5CA7C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:ilearning:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "D361A9A8-15B0-4527-868B-80998772F2AB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:ilearning:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4A667A37-59EB-4539-ADCA-D5F789DB6744" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.7", "versionEndIncluding": "17.12.11", "matchCriteriaId": "A6300315-7816-4F4E-A1C3-99EF5984B94A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "18.8.0", "versionEndIncluding": "18.8.14", "matchCriteriaId": "F04DF183-EBCB-456E-90F9-A8500E6E32B7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "19.12.0", "versionEndIncluding": "19.12.13", "matchCriteriaId": "8D30B0D1-4466-4601-8822-CE8ADBB381FB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "20.12.0", "versionEndIncluding": "20.12.8", "matchCriteriaId": "0E362FE6-A387-4DFB-ADD7-FB4BAE9DE7CB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F978162-CB2C-4166-947A-9048C6E878BC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "360B307A-3D7F-4B38-8248-76CF8318B023" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "31FFE404-027E-4B59-B3EF-BD20E1F7EECC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "798E4FEE-9B2B-436E-A2B3-B8AA1079892A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "6B042849-7EF5-4A5F-B6CD-712C0B8735BF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7435071D-0C95-4686-A978-AFC4C9A0D0FE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8CFCE558-9972-46A2-8539-C16044F1BAA9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "822A3C37-86F2-4E91-BE91-2A859F983941" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BD311C33-A309-44D5-BBFB-539D72C7F8C4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F8383028-B719-41FD-9B6A-71F8EB4C5F8D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "E702EBED-DB39-4084-84B1-258BC5FE7545" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "3F7956BF-D5B6-484B-999C-36B45CD8B75B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "DEE71EA5-B315-4F1E-BFEE-EC426B562F7E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9DA6B655-A445-42E5-B6D9-70AB1C04774A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE" } ] } ] } ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2022/01/24/3", "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl", "source": "security@apache.org", "tags": [ "Mailing List", "Vendor Advisory" ] }, { "url": "https://security.netapp.com/advisory/ntap-20221028-0005/", "source": "security@apache.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "source": "security@apache.org", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://www.oracle.com/security-alerts/cpujul2022.html", "source": "security@apache.org", "tags": [ "Patch", "Third Party Advisory" ] } ] }