Medium: xerces-j2

🗓️ 02 Oct 2024 00:00:00Reported by AmazonType

Xerces Java parser denial of service via crafted XML; affected up to version 2.12.1; update with yum update xerces-j2.

Reporter	Title	Published	Views	Family All 232
IBM Security Bulletins	Security Bulletin: IBM Security Verify Governance - Identity Manager has multiple vulnerabilities	11 Jul 202407:21	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Secure Proxy vulnerable to multiple issues	31 Jan 202314:18	–	ibm
IBM Security Bulletins	Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Xerces2	8 May 202406:45	–	ibm
IBM Security Bulletins	Security Bulletin: TADDM is vulnerable to a denial of service due to vulnerability in Apache Xerces2 J Library	6 Jul 202313:42	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Apache Xerces2 Java XML Parser affect IBM Application Performance Management products	13 Sep 202307:54	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling B2B Integrator vulnerable to denial of service due to Apache Xerces2 Java (CVE-2012-0881, CVE-2022-23437 )	11 Apr 202413:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect embedded rules in IBM Business Automation Workflow	11 Jan 202413:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to denial of service due to [CVE-2012-0881], [CVE-2013-4002] and [CVE-2022-23437]	23 May 202314:54	–	ibm
IBM Security Bulletins	Security Bulletin: Addressing the Security vulnerability CVE-2022-23437,CVE-2009-2625,CVE-2012-0881,CVE-2013-4002 found in xercesImpl-2.9.1.jar and its previous versions affects ITCAM for Transactions	30 Aug 202311:09	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Xerces2 affect IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2013-4002, CVE-2012-1724, CVE-2012-0881, CVE-2022-23437, CVE-2009-2625)	13 Jul 202313:21	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	any	xerces-j2	2.11.0-17.amzn2.0.2	xerces-j2-2.11.0-17.amzn2.0.2.noarch.rpm
Amazon Linux	2	any	xerces-j2-demo	2.11.0-17.amzn2.0.2	xerces-j2-demo-2.11.0-17.amzn2.0.2.noarch.rpm
Amazon Linux	2	any	xerces-j2-javadoc	2.11.0-17.amzn2.0.2	xerces-j2-javadoc-2.11.0-17.amzn2.0.2.noarch.rpm

05 May 2025 00:00Current

7.1High risk

Vulners AI Score7.1

CVSS 37.5

CVSS 27.8

CVSS 3.16.5

EPSS0.02159