CVE-2022-45143 - Improper Input Validation
Severity: None
2023-02-17
Abstract
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user-provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
The Oxygen products incorporate Apache Tomcat as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen Feedback v2.1.4 and older | None | Oxygen Feedback 3.0 build 2023031610 |
Detail
CVE-2022-45143
Severity: High
CVSS Score: 7.5
The Apache Tomcat third-party library used by Oxygen XML products is one of the affected versions listed in the CVE-2022-45143 vulnerability description. However, the Oxygen products do not call the affected code. For that reason, Oxygen XML products are not affected.