apache xerces-j CVE-2022-23437 vulnerability in Apache and Other Products
Published on January 24, 2022

Infinite loop within Apache XercesJ xml parser

There is a vulnerability in the Apache Xerces Java (XercesJ) XML parser when it handles specially crafted XML document payloads. Such a payload causes the XercesJ XML parser to enter an infinite loop, which can consume system resources for a prolonged period. The vulnerability is present in XercesJ version 2.12.1 and earlier versions.



Products Associated with CVE-2022-23437


Affected Versions

Apache Software Foundation Apache Xerces:

Vulnerable Packages

The following package name and versions may be associated with CVE-2022-23437

Package Manager | Vulnerable Package | Versions | Fixed In
rubygems        | nokogiri           | < 1.13.4 | 1.13.4

Exploit Probability

EPSS: 0.09%
Percentile: 25.01%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.