CVE-2022-23437

Published Jan 24, 2022
Last updated 3 months ago
CVSS medium 6.5
Overview

Description: There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.
Source: security@apache.org
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 7.1
Impact score: 6.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:C
Weaknesses

nvd@nist.gov: CWE-835
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:xerces-j:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35BFF235-489B-4262-94F4-061317ED4EAE",
            "versionEndIncluding": "2.12.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64"
          },
          {
            "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED63D221-31FA-480F-802F-844334F429F5"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C542DC5E-6657-4178-9C69-46FD3C187D56"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3141B86F-838D-491A-A8ED-3B7C54EA89C1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02712DD6-D944-4452-8015-000B9851D257",
            "versionEndExcluding": "9.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "274BCA96-2E6A-4B77-B69E-E2093A668D28",
            "versionEndExcluding": "9.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D4B738B-08CF-44F6-A939-39F5BEAF03B2",
            "versionEndExcluding": "9.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4A07A20-CDE7-40A8-B24A-D4181C4398A0",
            "versionEndIncluding": "8.0.9.0",
            "versionStartIncluding": "8.0.6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83DEEFFB-058D-4ABD-9083-AF70772D7010",
            "versionEndExcluding": "8.1.2.0",
            "versionStartIncluding": "8.1.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "147A4225-A2D5-4AA1-96D1-6D95A192B596",
            "versionEndIncluding": "8.0.8.0",
            "versionStartIncluding": "8.0.6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4B3A10E-70A8-4332-8567-06AE2C45D3C6"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "059F0D4E-B007-4986-AB95-89F11147CB2B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CAC78AD-86BB-4F06-B8CF-8E1329987F2F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55F091C7-0869-4FD6-AC73-DA697D990304"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D134C60-F9E2-46C2-8466-DB90AD98439E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C64D669C-513E-4C53-8BB8-13EB336CDC3A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18E7AC20-F70C-4A92-817D-94CE9FB3EB0D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6394E90-2F2C-4955-9F97-BFED76D4333B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B5DC0C1-789B-4126-8C6D-DEDE83AA2D2E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44563108-AD89-49A0-9FA5-7DE5A5601D2C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCA5DC3F-E7D8-45E3-8114-2213EC631CDF"
          },
          {
            "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:12.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3D55FB5-8ED8-4797-B5BC-545477AF7347"
          },
          {
            "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE85204F-614D-4EF1-ABEB-B3CD381C2CB0",
            "versionEndExcluding": "13.9.4.2.2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A6FFB5C-EB44-499F-BE81-24ED2B1F201A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F0728F8-14D0-4282-9CA7-EFCD68EE77AF",
            "versionEndExcluding": "12.2.0.1.30"
          },
          {
            "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D450B848-371E-4401-9DB0-27AF31B5D5EA",
            "versionEndIncluding": "3.0.5",
            "versionStartIncluding": "3.0.1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BE4F581-7DEF-4417-A55D-561BDAC5CA7C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:ilearning:6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D361A9A8-15B0-4527-868B-80998772F2AB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:ilearning:6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A667A37-59EB-4539-ADCA-D5F789DB6744"
          },
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6300315-7816-4F4E-A1C3-99EF5984B94A",
            "versionEndIncluding": "17.12.11",
            "versionStartIncluding": "17.7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F04DF183-EBCB-456E-90F9-A8500E6E32B7",
            "versionEndIncluding": "18.8.14",
            "versionStartIncluding": "18.8.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D30B0D1-4466-4601-8822-CE8ADBB381FB",
            "versionEndIncluding": "19.12.13",
            "versionStartIncluding": "19.12.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E362FE6-A387-4DFB-ADD7-FB4BAE9DE7CB",
            "versionEndIncluding": "20.12.8",
            "versionStartIncluding": "20.12.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F978162-CB2C-4166-947A-9048C6E878BC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "360B307A-3D7F-4B38-8248-76CF8318B023"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31FFE404-027E-4B59-B3EF-BD20E1F7EECC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "798E4FEE-9B2B-436E-A2B3-B8AA1079892A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B042849-7EF5-4A5F-B6CD-712C0B8735BF"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7435071D-0C95-4686-A978-AFC4C9A0D0FE"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CFCE558-9972-46A2-8539-C16044F1BAA9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "822A3C37-86F2-4E91-BE91-2A859F983941"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD311C33-A309-44D5-BBFB-539D72C7F8C4"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8383028-B719-41FD-9B6A-71F8EB4C5F8D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E702EBED-DB39-4084-84B1-258BC5FE7545"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F7956BF-D5B6-484B-999C-36B45CD8B75B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEE71EA5-B315-4F1E-BFEE-EC426B562F7E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DA6B655-A445-42E5-B6D9-70AB1C04774A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
