CVE-2022-25236

Description

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

Risk Information

Base Score

9.8

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

9.358

Associated Vulnerability

Vulnerability	OS Platform
Multiple vulnerabilities are fixed in IBM HTTP 8.5.5.2	Windows
Multiple vulnerabilities are fixed in IBM HTTP 9.0.5.12	Windows
Multiple vulnerabilities are fixed in Nessus 8.15.5	Windows
Multiple vulnerabilities are fixed in Nessus Agent (x64) (10.2.0.20130)	Windows
Multiple vulnerabilities are fixed in Nessus Agent (10.2.0.20130)	Windows
Multiple vulnerabilities are fixed in Tenable Nessus 8.15.5	Windows
Multiple vulnerabilities are fixed in Tenable Nessus 10.2.0	Windows
Multiple vulnerabilities are affected in Oracle HTTP Server 12.2.1.4.0	Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0.7	Windows
XML parsing C library (USN-5288-1) libexpat1_2.2.5-3ubuntu0.7_i386.deb	Linux
XML parsing C library (USN-5288-1) libexpat1_2.2.5-3ubuntu0.7_amd64.deb	Linux
XML parsing C library (USN-5288-1) libexpat1_2.2.9-1ubuntu0.4_i386.deb	Linux
XML parsing C library (USN-5288-1) libexpat1_2.2.9-1ubuntu0.4_amd64.deb	Linux
XML parsing C library (USN-5288-1) libexpat1_2.4.1-2ubuntu0.3_i386.deb	Linux
XML parsing C library (USN-5288-1) libexpat1_2.4.1-2ubuntu0.3_amd64.deb	Linux
expat security update(DSA-5085-1) expat_2.2.6-2+deb10u3_i386.deb	Linux
expat security update(DSA-5085-1) expat_2.2.6-2+deb10u3_amd64.deb	Linux
expat security update(DSA-5085-1) expat_2.2.10-2+deb11u2_amd64.deb	Linux
(RHSA-2022:0818) firefox security update firefox-91.7.0-3.el8_5.x86_64.rpm	Linux
(RHSA-2022:0818) firefox security update firefox-debugsource-91.7.0-3.el8_5.x86_64.rpm	Linux
(RHSA-2022:0824) firefox security and bug fix update firefox-91.7.0-3.el7_9.i686.rpm	Linux
(RHSA-2022:0824) firefox security and bug fix update firefox-91.7.0-3.el7_9.x86_64.rpm	Linux
(RHSA-2022:0845) thunderbird security update thunderbird-91.7.0-2.el8_5.x86_64.rpm	Linux
(RHSA-2022:0845) thunderbird security update thunderbird-debugsource-91.7.0-2.el8_5.x86_64.rpm	Linux
(RHSA-2022:0850) thunderbird security update thunderbird-91.7.0-2.el7_9.x86_64.rpm	Linux
Firefox update (ELSA-2022-0824) firefox-91.7.0-3.0.1.el7_9.i686.rpm	Linux
Firefox update (ELSA-2022-0824) firefox-91.7.0-3.0.1.el7_9.x86_64.rpm	Linux
Thunderbird update (ELSA-2022-0850) thunderbird-91.7.0-2.0.1.el7_9.x86_64.rpm	Linux
(RHSA-2022:0951) expat security update expat-debugsource-2.2.5-4.el8_5.3.i686.rpm	Linux
(RHSA-2022:0951) expat security update expat-debugsource-2.2.5-4.el8_5.3.x86_64.rpm	Linux
(RHSA-2022:1069) expat security update expat-2.1.0-14.el7_9.i686.rpm	Linux
(RHSA-2022:1069) expat security update expat-2.1.0-14.el7_9.x86_64.rpm	Linux
(RHSA-2022:1069) expat security update expat-devel-2.1.0-14.el7_9.i686.rpm	Linux
(RHSA-2022:1069) expat security update expat-devel-2.1.0-14.el7_9.x86_64.rpm	Linux
(RHSA-2022:1069) expat security update expat-static-2.1.0-14.el7_9.i686.rpm	Linux
(RHSA-2022:1069) expat security update expat-static-2.1.0-14.el7_9.x86_64.rpm	Linux
Thunderbird update (ELSA-2022-0845) thunderbird-91.7.0-2.0.1.el8_5.x86_64.rpm	Linux
Expat update (ELSA-2022-0951) expat-2.2.5-4.el8_5.3.i686.rpm	Linux
Expat update (ELSA-2022-0951) expat-2.2.5-4.el8_5.3.x86_64.rpm	Linux
Expat-devel update (ELSA-2022-0951) expat-devel-2.2.5-4.el8_5.3.i686.rpm	Linux
Expat-devel update (ELSA-2022-0951) expat-devel-2.2.5-4.el8_5.3.x86_64.rpm	Linux
SUSE-SU-2022:0698-1(SUSE Linux Enterprise Server 12-SP5 ) expat-2.1.0-21.18.1.x86_64.rpm	Linux
SUSE-SU-2022:0698-1(SUSE Linux Enterprise Server 12-SP5 ) expat-debuginfo-2.1.0-21.18.1.x86_64.rpm	Linux
SUSE-SU-2022:0698-1(SUSE Linux Enterprise Server 12-SP5 ) expat-debuginfo-32bit-2.1.0-21.18.1.x86_64.rpm	Linux
SUSE-SU-2022:0698-1(SUSE Linux Enterprise Server 12-SP5 ) expat-debugsource-2.1.0-21.18.1.x86_64.rpm	Linux
SUSE-SU-2022:0698-1(SUSE Linux Enterprise Server 12-SP5 ) libexpat1-2.1.0-21.18.1.x86_64.rpm	Linux
SUSE-SU-2022:0698-1(SUSE Linux Enterprise Server 12-SP5 ) libexpat1-32bit-2.1.0-21.18.1.x86_64.rpm	Linux
SUSE-SU-2022:0698-1(SUSE Linux Enterprise Server 12-SP5 ) libexpat1-debuginfo-2.1.0-21.18.1.x86_64.rpm	Linux
SUSE-SU-2022:0698-1(SUSE Linux Enterprise Server 12-SP5 ) libexpat1-debuginfo-32bit-2.1.0-21.18.1.x86_64.rpm	Linux
SUSE-SU-2022:0842-1(SUSE Linux Enterprise Server 12-SP5 ) expat-2.1.0-21.22.1.x86_64.rpm	Linux
SUSE-SU-2022:0842-1(SUSE Linux Enterprise Server 12-SP5 ) expat-debuginfo-2.1.0-21.22.1.x86_64.rpm	Linux
SUSE-SU-2022:0842-1(SUSE Linux Enterprise Server 12-SP5 ) expat-debuginfo-32bit-2.1.0-21.22.1.x86_64.rpm	Linux
SUSE-SU-2022:0842-1(SUSE Linux Enterprise Server 12-SP5 ) expat-debugsource-2.1.0-21.22.1.x86_64.rpm	Linux
SUSE-SU-2022:0842-1(SUSE Linux Enterprise Server 12-SP5 ) libexpat1-2.1.0-21.22.1.x86_64.rpm	Linux
SUSE-SU-2022:0842-1(SUSE Linux Enterprise Server 12-SP5 ) libexpat1-32bit-2.1.0-21.22.1.x86_64.rpm	Linux
SUSE-SU-2022:0842-1(SUSE Linux Enterprise Server 12-SP5 ) libexpat1-debuginfo-2.1.0-21.22.1.x86_64.rpm	Linux
SUSE-SU-2022:0842-1(SUSE Linux Enterprise Server 12-SP5 ) libexpat1-debuginfo-32bit-2.1.0-21.22.1.x86_64.rpm	Linux
Expat update (ELSA-2022-1069) expat-2.1.0-14.0.1.el7_9.i686.rpm	Linux
Expat update (ELSA-2022-1069) expat-2.1.0-14.0.1.el7_9.x86_64.rpm	Linux
Expat-devel update (ELSA-2022-1069) expat-devel-2.1.0-14.0.1.el7_9.i686.rpm	Linux
Expat-devel update (ELSA-2022-1069) expat-devel-2.1.0-14.0.1.el7_9.x86_64.rpm	Linux
Expat-static update (ELSA-2022-1069) expat-static-2.1.0-14.0.1.el7_9.i686.rpm	Linux
Expat-static update (ELSA-2022-1069) expat-static-2.1.0-14.0.1.el7_9.x86_64.rpm	Linux
SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-1.8.0_sr8.15-30.117.1.x86_64.rpm	Linux
SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-alsa-1.8.0_sr8.15-30.117.1.x86_64.rpm	Linux
SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-devel-1.8.0_sr8.15-30.117.1.x86_64.rpm	Linux
SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-plugin-1.8.0_sr8.15-30.117.1.x86_64.rpm	Linux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-1.19.0-150400.3.3.1.x86_64.rpm	Linux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-99~1.19.0-150400.3.3.1.x86_64.rpm	Linux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-1.19.0-150400.3.3.1.x86_64.rpm	Linux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-1.19.0-150400.3.3.1.x86_64.rpm	Linux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-1.19.0-150400.3.3.1.x86_64.rpm	Linux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-debugsource-1.19.0-150400.3.3.1.x86_64.rpm	Linux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm	Linux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-1.19.0-150400.3.3.1.x86_64.rpm	Linux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-1.19.0-150400.3.3.1.x86_64.rpm	Linux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-debuginfo-99~1.19.0-150400.3.3.1.x86_64.rpm	Linux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm	Linux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm	Linux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm	Linux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm	Linux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm	Linux
SUSE-SU-2024:0782-2(Public Cloud Module 15-SP4) python311-3.11.8-150400.9.23.1.x86_64.rpm	Linux
SUSE-SU-2024:0782-2(Public Cloud Module 15-SP4) python311-base-3.11.8-150400.9.23.1.x86_64.rpm	Linux
SUSE-SU-2024:0782-2(Public Cloud Module 15-SP4) libpython3_11-1_0-3.11.8-150400.9.23.1.x86_64.rpm	Linux
expat Security Update (ALAS2023-2023-058) expat-2.5.0-1.amzn2023.0.2.x86_64.rpm	Linux
expat Security Update (ALAS2023-2023-058) expat-devel-2.5.0-1.amzn2023.0.2.x86_64.rpm	Linux
expat Security Update (ALAS2023-2023-058) expat-static-2.5.0-1.amzn2023.0.2.x86_64.rpm	Linux
Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-25236)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-346982	Nessus Agent (x64) (10.8.4) (Manual Upload Required)
PATCH-346981	Nessus Agent (10.8.4) (Manual Upload Required)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234