CVE-2022-23437

{"id": "CVE-2022-23437", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-01-24T15:15:09.317", "references": [{"url": "http://www.openwall.com/lists/oss-security/2022/01/24/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://security.netapp.com/advisory/ntap-20221028-0005/", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-835"}]}], "descriptions": [{"lang": "en", "value": "There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions."}, {"lang": "es", "value": "Se presenta una vulnerabilidad en el analizador XML de Apache Xerces Java (XercesJ) cuando maneja cargas \u00fatiles de documentos XML especialmente dise\u00f1ados. Esto causa que el analizador XML de XercesJ espere en un bucle infinito, lo que a veces puede consumir recursos del sistema durante un tiempo prolongado. Esta vulnerabilidad est\u00e1 presente en XercesJ versi\u00f3n 2.12.1, y en versiones anteriores"}], "lastModified": "2023-08-08T14:22:24.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:xerces-j:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35BFF235-489B-4262-94F4-061317ED4EAE", "versionEndIncluding": "2.12.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64"}, {"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2"}, {"criteria": "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED63D221-31FA-480F-802F-844334F429F5"}, {"criteria": "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C542DC5E-6657-4178-9C69-46FD3C187D56"}, {"criteria": "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3141B86F-838D-491A-A8ED-3B7C54EA89C1"}, {"criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02712DD6-D944-4452-8015-000B9851D257", "versionEndExcluding": "9.0"}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "274BCA96-2E6A-4B77-B69E-E2093A668D28", "versionEndExcluding": "9.0"}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D4B738B-08CF-44F6-A939-39F5BEAF03B2", "versionEndExcluding": "9.0"}, {"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4A07A20-CDE7-40A8-B24A-D4181C4398A0", "versionEndIncluding": "8.0.9.0", "versionStartIncluding": "8.0.6.0.0"}, {"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83DEEFFB-058D-4ABD-9083-AF70772D7010", "versionEndExcluding": "8.1.2.0", "versionStartIncluding": "8.1.0.0"}, {"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "147A4225-A2D5-4AA1-96D1-6D95A192B596", "versionEndIncluding": "8.0.8.0", "versionStartIncluding": "8.0.6.0.0"}, {"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4B3A10E-70A8-4332-8567-06AE2C45D3C6"}, {"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "059F0D4E-B007-4986-AB95-89F11147CB2B"}, {"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CAC78AD-86BB-4F06-B8CF-8E1329987F2F"}, {"criteria": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55F091C7-0869-4FD6-AC73-DA697D990304"}, {"criteria": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D134C60-F9E2-46C2-8466-DB90AD98439E"}, {"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C64D669C-513E-4C53-8BB8-13EB336CDC3A"}, {"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18E7AC20-F70C-4A92-817D-94CE9FB3EB0D"}, {"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6394E90-2F2C-4955-9F97-BFED76D4333B"}, {"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B5DC0C1-789B-4126-8C6D-DEDE83AA2D2E"}, {"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44563108-AD89-49A0-9FA5-7DE5A5601D2C"}, {"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCA5DC3F-E7D8-45E3-8114-2213EC631CDF"}, {"criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:12.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3D55FB5-8ED8-4797-B5BC-545477AF7347"}, {"criteria": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE85204F-614D-4EF1-ABEB-B3CD381C2CB0", "versionEndExcluding": "13.9.4.2.2"}, {"criteria": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A6FFB5C-EB44-499F-BE81-24ED2B1F201A"}, {"criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F0728F8-14D0-4282-9CA7-EFCD68EE77AF", "versionEndExcluding": "12.2.0.1.30"}, {"criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D450B848-371E-4401-9DB0-27AF31B5D5EA", "versionEndIncluding": "3.0.5", "versionStartIncluding": "3.0.1"}, {"criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BE4F581-7DEF-4417-A55D-561BDAC5CA7C"}, {"criteria": "cpe:2.3:a:oracle:ilearning:6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D361A9A8-15B0-4527-868B-80998772F2AB"}, {"criteria": "cpe:2.3:a:oracle:ilearning:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A667A37-59EB-4539-ADCA-D5F789DB6744"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597"}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6300315-7816-4F4E-A1C3-99EF5984B94A", "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.7"}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F04DF183-EBCB-456E-90F9-A8500E6E32B7", "versionEndIncluding": "18.8.14", "versionStartIncluding": "18.8.0"}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D30B0D1-4466-4601-8822-CE8ADBB381FB", "versionEndIncluding": "19.12.13", "versionStartIncluding": "19.12.0"}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E362FE6-A387-4DFB-ADD7-FB4BAE9DE7CB", "versionEndIncluding": "20.12.8", "versionStartIncluding": "20.12.0"}, {"criteria": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F978162-CB2C-4166-947A-9048C6E878BC"}, {"criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "360B307A-3D7F-4B38-8248-76CF8318B023"}, {"criteria": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31FFE404-027E-4B59-B3EF-BD20E1F7EECC"}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "798E4FEE-9B2B-436E-A2B3-B8AA1079892A"}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9"}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B042849-7EF5-4A5F-B6CD-712C0B8735BF"}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7435071D-0C95-4686-A978-AFC4C9A0D0FE"}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CFCE558-9972-46A2-8539-C16044F1BAA9"}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58"}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "822A3C37-86F2-4E91-BE91-2A859F983941"}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD311C33-A309-44D5-BBFB-539D72C7F8C4"}, {"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8383028-B719-41FD-9B6A-71F8EB4C5F8D"}, {"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38"}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E702EBED-DB39-4084-84B1-258BC5FE7545"}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F7956BF-D5B6-484B-999C-36B45CD8B75B"}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEE71EA5-B315-4F1E-BFEE-EC426B562F7E"}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DA6B655-A445-42E5-B6D9-70AB1C04774A"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}