Vulnerabilities > CVE-2022-23437 - Infinite Loop vulnerability in multiple products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

NVD

Published: 2022-01-24

Updated: 2023-08-08

Summary

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Xerces J 1.0.1 Apache Xerces J 1.0.2 Apache Xerces J 1.0.3 Apache Xerces J 1.0.4 Apache Xerces J 1.1.0 Apache Xerces J 1.1.1 Apache Xerces J 1.1.2 Apache Xerces J 1.1.3 Apache Xerces J 1.2.0 Apache Xerces J 1.2.1 Apache Xerces J 1.2.2 Apache Xerces J 1.2.3 Apache Xerces J 1.3.0 Apache Xerces J 1.3.1 Apache Xerces J 1.4.0 Apache Xerces J 1.4.1 Apache Xerces J 1.4.2 Apache Xerces J 1.4.3 Apache Xerces J 1.4.4 Apache Xerces J 2.0.0 Apache Xerces J 2.0.1 Apache Xerces J 2.0.2 Apache Xerces J 2.1.0 Apache Xerces J 2.2.0 Apache Xerces J 2.2.1 Apache Xerces J 2.3.0 Apache Xerces J 2.4.0 Apache Xerces J 2.5.0 Apache Xerces J 2.6.0 Apache Xerces J 2.6.1 Apache Xerces J 2.6.2 Apache Xerces J 2.7.0 Apache Xerces J 2.7.1 Apache Xerces J 2.8.0 Apache Xerces J 2.8.1 Apache Xerces J 2.9.0 Apache Xerces J 2.9.1 Apache Xerces J 2.10.0 Apache Xerces J 2.11.0 Apache Xerces J 2.12.0	45
Application	Oracle Oracle Ilearning 6.2 Oracle Ilearning 6.3 Oracle Flexcube Universal Banking 12.4.0 Oracle Weblogic Server 12.2.1.3.0 Oracle Weblogic Server 12.2.1.4.0 Oracle Weblogic Server 14.1.1.0.0 Oracle Agile PLM 9.3.6 Oracle Peoplesoft Enterprise Peopletools 8.58 Oracle Peoplesoft Enterprise Peopletools 8.59 Oracle Retail Bulk Data Integration 16.0.3.0 Oracle Retail Merchandising System 16.0.3 Oracle Retail Merchandising System 19.0.1 Oracle Global Lifecycle Management Nextgen OUI Framework 13.9.4.2.2 Oracle Global Lifecycle Management Nextgen OUI Framework - Oracle Global Lifecycle Management Nextgen OUI Framework 12.2.1.3.0 Oracle Global Lifecycle Management Nextgen OUI Framework 12.2.1.4.0 Oracle Agile Engineering Data Management 6.2.1.0 Oracle Retail Service Backbone 16.0.3 Oracle Retail Service Backbone 15.0.3.1 Oracle Retail Service Backbone 14.1.3.2 Oracle Retail Service Backbone 19.0.1 Oracle Retail Financial Integration 16.0.3 Oracle Retail Financial Integration 14.1.3.2 Oracle Retail Financial Integration 15.0.3.1 Oracle Retail Financial Integration 19.0.1 Oracle Retail Integration BUS 16.0.3 Oracle Retail Integration BUS 14.1.3.2 Oracle Retail Integration BUS 15.0.3.1 Oracle Retail Integration BUS 19.0.1 Oracle Financial Services Enterprise Case Management 8.0.7.2.0 Oracle Financial Services Enterprise Case Management 8.0.8.1 Oracle Financial Services Enterprise Case Management 8.1.1.0 Oracle Financial Services Enterprise Case Management 8.1.1.1 Oracle Financial Services Enterprise Case Management 8.0.7.1 Oracle Financial Services Enterprise Case Management 8.0.8.0 Oracle Banking Party Management 2.7.0 Oracle Retail Extract Transform AND Load 13.2.8 Oracle Communications Asap 7.3 Oracle Product Lifecycle Analytics 3.6.1 Oracle Financial Services Behavior Detection Platform 8.1.2.0 Oracle Financial Services Behavior Detection Platform 8.1.1.1 Oracle Financial Services Behavior Detection Platform 8.1.1.0 Oracle Financial Services Behavior Detection Platform 8.0.6.0.0 Oracle Financial Services Behavior Detection Platform 8.0.7 Oracle Financial Services Behavior Detection Platform 8.0.7.0 Oracle Financial Services Behavior Detection Platform 8.0.7.0.0 Oracle Financial Services Behavior Detection Platform 8.0.8 Oracle Financial Services Behavior Detection Platform 8.0.8.0 Oracle Communications Element Manager 8.0.0 Oracle Communications Element Manager 8.1.0 Oracle Communications Element Manager 8.1.1 Oracle Communications Element Manager 8.2.0 Oracle Communications Element Manager 8.2.1 Oracle Communications Element Manager 8.2.2 Oracle Communications Element Manager 8.2.2.1 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.0.1 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.1.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.2.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.3.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.4.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.7 Oracle Financial Services Analytical Applications Infrastructure 8.0.7.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.7.1.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.7.2.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.8 Oracle Financial Services Analytical Applications Infrastructure 8.0.8.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.9 Oracle Financial Services Analytical Applications Infrastructure 8.1.0.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.1.1 Oracle Financial Services Analytical Applications Infrastructure 8.1.1.0 Oracle Financial Services Analytical Applications Infrastructure 8.1.2 Oracle Communications Session Report Manager - Oracle Communications Session Report Manager 8.0.0 Oracle Communications Session Report Manager 8.0.0.0 Oracle Communications Session Report Manager 8.1.0 Oracle Communications Session Report Manager 8.2.2 Oracle Communications Session Report Manager 8.2.2.1 Oracle Communications Session Report Manager 8.2.4.0 Oracle Communications Session Report Manager 8.2.5.0 Oracle Communications Session Route Manager - Oracle Communications Session Route Manager 8.0.0 Oracle Communications Session Route Manager 8.1.0 Oracle Communications Session Route Manager 8.1.1 Oracle Communications Session Route Manager 8.2.0 Oracle Communications Session Route Manager 8.2.0.0 Oracle Communications Session Route Manager 8.2.1 Oracle Communications Session Route Manager 8.2.2 Oracle Communications Session Route Manager 8.2.2.1 Oracle Communications Session Route Manager 8.2.4 Oracle Communications Session Route Manager 8.2.4.0 Oracle Communications Session Route Manager 8.2.5 Oracle Financial Services Crime AND Compliance Management Studio 8.0.8.2.0 Oracle Financial Services Crime AND Compliance Management Studio 8.0.8.3.0 Oracle Primavera Gateway 19.12.0 Oracle Primavera Gateway 19.12.4 Oracle Primavera Gateway 19.12.10 Oracle Primavera Gateway 19.12.11 Oracle Primavera Gateway 19.12.12 Oracle Primavera Gateway 18.8.0 Oracle Primavera Gateway 18.8.8 Oracle Primavera Gateway 18.8.8.1 Oracle Primavera Gateway 18.8.9 Oracle Primavera Gateway 18.8.11 Oracle Primavera Gateway 18.8.12 Oracle Primavera Gateway 18.8.13 Oracle Primavera Gateway 20.12.0 Oracle Primavera Gateway 20.12.7 Oracle Primavera Gateway 20.12.8 Oracle Primavera Gateway 17.7 Oracle Primavera Gateway 17.12 Oracle Primavera Gateway 17.12.0 Oracle Primavera Gateway 17.12.6 Oracle Primavera Gateway 17.12.7 Oracle Primavera Gateway 17.12.8 Oracle Primavera Gateway 17.12.9 Oracle Primavera Gateway 17.12.10 Oracle Primavera Gateway 17.12.11 Oracle Global Lifecycle Management Opatch 11.2.0.3.23 Oracle Global Lifecycle Management Opatch 12.2.0.1.0 Oracle Global Lifecycle Management Opatch 12.2.0.1.19 Oracle Global Lifecycle Management Opatch 12.2.0.1.20 Oracle Global Lifecycle Management Opatch 12.2.0.1.22 Oracle Health Sciences Information Manager 3.0.1 Oracle Health Sciences Information Manager 3.0.2 Oracle Health Sciences Information Manager 3.0.3 Oracle Health Sciences Information Manager 3.0.4 Oracle Health Sciences Information Manager 3.0.5 Oracle Health Sciences Information Manager 3.0.0.1 Oracle Banking Deposits AND Lines OF Credit Servicing 2.7	130
Application	Netapp Netapp Active IQ Unified Manager -	1

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References