CVE-2022-23437 - Denial of Service (DoS)
Severity: Medium
Date: 2022-11-07
Abstract
A vulnerability in the Apache Xerces Java (XercesJ) XML parser can be triggered by a specially crafted XML document. Such a document causes the XercesJ parser to enter an infinite loop, which can consume system resources for a prolonged period. The vulnerability is present in XercesJ version 2.12.1 and earlier.
The Oxygen products incorporate Apache Xerces Java (XercesJ) as a third-party library. This advisory was opened to address the potential impact of that third-party library vulnerability on them.
Affected Products/Versions
| Product | Severity | Fixed Release Availability |
| --- | --- | --- |
| Oxygen XML Author v24.0 and older | Medium | Oxygen XML Author 24.1 build 2022030807 |
| Oxygen XML Developer v24.0 and older | Medium | Oxygen XML Developer 24.1 build 2022030807 |
| Oxygen XML Editor v24.0 and older | Medium | Oxygen XML Editor 24.1 build 2022030807 |
Detail
CVE-2022-23437
Severity: Medium
CVSS Score: 6.5
The version of the Apache Xerces Java (XercesJ) third-party library used by the Oxygen XML products is one of the affected versions listed in the CVE-2022-23437 vulnerability description.
Starting with Oxygen XML Author v24.1 build 2022030807, the Apache Xerces Java (XercesJ) library was updated to v2.12.2, which fixes this vulnerability.
Starting with Oxygen XML Developer v24.1 build 2022030807, the Apache Xerces Java (XercesJ) library was updated to v2.12.2, which fixes this vulnerability.
Starting with Oxygen XML Editor v24.1 build 2022030807, the Apache Xerces Java (XercesJ) library was updated to v2.12.2, which fixes this vulnerability.
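As an added example (not Oxygen's or Apache's own code), for any Java application that embeds Xerces-J: the first method checks that the bundled library is at least 2.12.2, the release named above as fixed, and the second bounds how long a caller waits on a parse so that a document triggering the infinite loop described in the abstract cannot hang the caller indefinitely. It assumes that org.apache.xerces.impl.Version.getVersion() reports the version as a string like "Xerces-J 2.12.2"; the class and method names are my own.

```java
import java.io.ByteArrayInputStream;
import java.util.concurrent.*;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.helpers.DefaultHandler;

public class XercesParseGuard {

    // Numeric comparison of dotted versions, so "2.12.2" >= "2.12.10" is correctly false.
    static boolean isAtLeast(String actual, String required) {
        String[] a = actual.split("\\."), r = required.split("\\.");
        for (int i = 0; i < Math.max(a.length, r.length); i++) {
            int x = i < a.length ? Integer.parseInt(a[i]) : 0;
            int y = i < r.length ? Integer.parseInt(r[i]) : 0;
            if (x != y) return x > y;
        }
        return true;
    }

    // True when the Xerces-J on the classpath is 2.12.2 or later (the release the advisory names as fixed).
    // Assumption: org.apache.xerces.impl.Version.getVersion() returns e.g. "Xerces-J 2.12.2".
    static boolean bundledXercesIsFixed() {
        String reported = org.apache.xerces.impl.Version.getVersion();
        java.util.regex.Matcher m = java.util.regex.Pattern.compile("\\d+(?:\\.\\d+)+").matcher(reported);
        if (!m.find()) return false;   // no recognisable version number: treat as not fixed
        return isAtLeast(m.group(), "2.12.2");
    }

    // Parse untrusted XML on a daemon thread and stop waiting after timeoutMillis. This bounds the
    // caller's wait only: a parser stuck in a CPU loop keeps spinning, so it is a compensating control, not a fix.
    static boolean parseWithDeadline(byte[] xml, long timeoutMillis) throws Exception {
        ExecutorService worker = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, "xml-parse");
            t.setDaemon(true);   // a hung parser must not keep the JVM alive at shutdown
            return t;
        });
        try {
            SAXParserFactory factory = SAXParserFactory.newInstance();
            Future<?> job = worker.submit(() -> {
                factory.newSAXParser().parse(new ByteArrayInputStream(xml), new DefaultHandler());
                return null;
            });
            job.get(timeoutMillis, TimeUnit.MILLISECONDS);   // malformed XML surfaces as ExecutionException
            return true;
        } catch (TimeoutException e) {
            return false;        // treat as hostile input: reject it and log where it came from
        } finally {
            worker.shutdownNow();
        }
    }
}
```

Call `bundledXercesIsFixed()` once at startup and fail the deployment if it returns false; wrap every parse of externally supplied XML in `parseWithDeadline(bytes, 2000)` or a limit that fits your workload.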