CVE-2022-23437
Description
There is a vulnerability in the Apache Xerces Java (XercesJ) XML parser when it handles specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration. This vulnerability is present in XercesJ version 2.12.1 and earlier versions.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.089
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.3.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.4.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 14.1.1.0.0 | Windows |
| Vulnerabilities CVE-2022-23437 are fixed in Apache-xercesImpl 2.12.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0.0.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.2.0.0 | Windows |
| Multiple Vulnerabilities are affected in Netapp Active Iq Unified Manager 2.3 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.58 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.59 | Windows |
| Multiple vulnerabilities are affected in Oracle Communications Order and Service Management 7.3 | Windows |
| Multiple vulnerabilities are affected in Oracle Communications Order and Service Management 7.4 | Windows |
| Multiple vulnerabilities are affected in Oracle Commerce Platform 11.3.2 | Windows |
| Multiple vulnerabilities are affected in Oracle Financial Services Revenue Management and Billing 2.7 | Windows |
| Multiple vulnerabilities are affected in Oracle Financial Services Revenue Management and Billing 2.8 | Windows |
| Multiple vulnerabilities are affected in Oracle Financial Services Revenue Management and Billing 2.9 | Windows |
| Vulnerabilities CVE-2021-29425,CVE-2021-43859,CVE-2022-23437,CVE-2022-34169,CVE-2022-40146 are affected in Oracle Financial Services Revenue Management and Billing 3.0 | Windows |
| Vulnerabilities CVE-2021-29425,CVE-2021-43859,CVE-2022-23437,CVE-2022-34169,CVE-2022-40146 are affected in Oracle Financial Services Revenue Management and Billing 3.1 | Windows |
| Vulnerabilities CVE-2021-29425,CVE-2021-43859,CVE-2022-23437,CVE-2022-34169,CVE-2022-40146 are affected in Oracle Financial Services Revenue Management and Billing 3.2 | Windows |
| Vulnerabilities CVE-2021-29425,CVE-2021-43859,CVE-2022-23437,CVE-2022-34169,CVE-2022-40146 are affected in Oracle Financial Services Revenue Management and Billing 4.0 | Windows |
| Multiple vulnerabilities are affected in Oracle Financial Services Revenue Management and Billing 2.7.1 | Windows |
| Multiple vulnerabilities are affected in Oracle Financial Services Revenue Management and Billing 2.9.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0.3.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 22.0.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.2.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.10 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.9 | Windows |
| SUSE-SU-2022:0542-1(SUSE Linux Enterprise Server 12-SP5 ) xerces-j2-2.8.1-268.9.1.noarch.rpm | Linux |
| SUSE-SU-2022:0542-1(SUSE Linux Enterprise Server 12-SP5 ) xerces-j2-xml-apis-2.8.1-268.9.1.noarch.rpm | Linux |
| SUSE-SU-2022:0542-1(SUSE Linux Enterprise Server 12-SP5 ) xerces-j2-xml-resolver-2.8.1-268.9.1.noarch.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-debugsource-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-devel-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-devel-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-obs-build-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-obs-build-debugsource-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-syms-5.14.21-150400.24.49.4.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Legacy Module 15-SP4 ) reiserfs-kmp-default-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Legacy Module 15-SP4 ) reiserfs-kmp-default-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-devel-5.14.21-150400.24.49.4.noarch.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-docs-5.14.21-150400.24.49.4.noarch.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-macros-5.14.21-150400.24.49.4.noarch.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-source-5.14.21-150400.24.49.4.noarch.rpm | Linux |
| SUSE-SU-2022:0503-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) xerces-j2-2.12.0-3.3.1.noarch_15_SP3.rpm | Linux |
| xerces-j2 Security Update (ALAS-2024-2649) xerces-j2-javadoc-2.11.0-17.amzn2.0.2.noarch.rpm | Linux |
| xerces-j2 Security Update (ALAS-2024-2649) xerces-j2-demo-2.11.0-17.amzn2.0.2.noarch.rpm | Linux |
| xerces-j2 Security Update (ALAS-2024-2649) xerces-j2-2.11.0-17.amzn2.0.2.noarch.rpm | Linux |
| Vulnerabilities CVE-2022-23437 are fixed in Apache-xercesImpl for Linux 2.12.2 | Linux |
| xerces-j2 Security Update (ALAS2-2024-2649) xerces-j2-2.11.0-17.amzn2.0.2.noarch.rpm | Linux |
| xerces-j2 Security Update (ALAS2-2024-2649) xerces-j2-demo-2.11.0-17.amzn2.0.2.noarch.rpm | Linux |
| xerces-j2 Security Update (ALAS2-2024-2649) xerces-j2-javadoc-2.11.0-17.amzn2.0.2.noarch.rpm | Linux |
Patch Details
No records found
References