CVE-2022-34169

🗓️ 19 Jul 2022 00:00:00Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 666 Views🌐 WEB

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing maliciou

Reporter	Title	Published	Views	Family All 485
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for June 2023	30 Jun 202315:51	–	ibm
IBM Security Bulletins	Security Bulletin: Rational Performance Tester contains a vulnerability which could lead to potential remote code execution	2 Jan 202618:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Content Navigator is affect my Apache Xalan	30 Mar 202609:01	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability found in Apache Xalan Java XSLT library may affect IBM Enterprise Records	20 Oct 202211:30	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime	7 Sep 202210:52	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data	15 Apr 202502:34	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	13 Mar 202410:54	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for March 2024.	15 Apr 202502:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation 2.5.0 fixes multiple security vulnerabilities	20 Jun 202308:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Planning Analytics Workspace is affected but not considered vulnerable to multiple vulnerabilities	26 Mar 202504:04	–	ibm

NVD

Vulners

Node

apache xalan-javaRange≤2.7.2

Node

debian debian_linuxMatch10.0

debian debian_linuxMatch11.0

Node

oracle graalvmMatch20.3.6enterprise

oracle graalvmMatch21.3.2enterprise

oracle graalvmMatch22.1.0enterprise

oracle jdkMatch1.7.0update343

oracle jdkMatch1.8.0update333

oracle jdkMatch11.0.15.1

oracle jdkMatch17.0.3.1

oracle jdkMatch18.0.1.1

oracle jreMatch1.7.0update343

oracle jreMatch1.8.0update333

oracle jreMatch11.0.15.1

oracle jreMatch17.0.3.1

oracle jreMatch18.0.1.1

Node

oracle openjdkRange11–11.0.15

oracle openjdkRange13–13.0.11

oracle openjdkRange15–15.0.7

oracle openjdkRange17–17.0.3

oracle openjdkMatch7-

oracle openjdkMatch7update1

oracle openjdkMatch7update10

oracle openjdkMatch7update101

oracle openjdkMatch7update11

oracle openjdkMatch7update111

oracle openjdkMatch7update121

oracle openjdkMatch7update13

oracle openjdkMatch7update131

oracle openjdkMatch7update141

oracle openjdkMatch7update15

oracle openjdkMatch7update151

oracle openjdkMatch7update161

oracle openjdkMatch7update17

oracle openjdkMatch7update171

oracle openjdkMatch7update181

oracle openjdkMatch7update191

oracle openjdkMatch7update2

oracle openjdkMatch7update201

oracle openjdkMatch7update21

oracle openjdkMatch7update211

oracle openjdkMatch7update221

oracle openjdkMatch7update231

oracle openjdkMatch7update241

oracle openjdkMatch7update25

oracle openjdkMatch7update251

oracle openjdkMatch7update261

oracle openjdkMatch7update271

oracle openjdkMatch7update281

oracle openjdkMatch7update291

oracle openjdkMatch7update3

oracle openjdkMatch7update301

oracle openjdkMatch7update311

oracle openjdkMatch7update321

oracle openjdkMatch7update4

oracle openjdkMatch7update40

oracle openjdkMatch7update45

oracle openjdkMatch7update5

oracle openjdkMatch7update51

oracle openjdkMatch7update55

oracle openjdkMatch7update6

oracle openjdkMatch7update60

oracle openjdkMatch7update65

oracle openjdkMatch7update67

oracle openjdkMatch7update7

oracle openjdkMatch7update72

oracle openjdkMatch7update76

oracle openjdkMatch7update80

oracle openjdkMatch7update85

oracle openjdkMatch7update9

oracle openjdkMatch7update91

oracle openjdkMatch7update95

oracle openjdkMatch7update97

oracle openjdkMatch7update99

oracle openjdkMatch8-

oracle openjdkMatch8milestone1

oracle openjdkMatch8milestone2

oracle openjdkMatch8milestone3

oracle openjdkMatch8milestone4

oracle openjdkMatch8milestone5

oracle openjdkMatch8milestone6

oracle openjdkMatch8milestone7

oracle openjdkMatch8milestone8

oracle openjdkMatch8milestone9

oracle openjdkMatch8update101

oracle openjdkMatch8update102

oracle openjdkMatch8update11

oracle openjdkMatch8update111

oracle openjdkMatch8update112

oracle openjdkMatch8update121

oracle openjdkMatch8update131

oracle openjdkMatch8update141

oracle openjdkMatch8update151

oracle openjdkMatch8update152

oracle openjdkMatch8update161

oracle openjdkMatch8update162

oracle openjdkMatch8update171

oracle openjdkMatch8update172

oracle openjdkMatch8update181

oracle openjdkMatch8update191

oracle openjdkMatch8update192

oracle openjdkMatch8update20

oracle openjdkMatch8update201

oracle openjdkMatch8update202

oracle openjdkMatch8update211

oracle openjdkMatch8update212

oracle openjdkMatch8update221

oracle openjdkMatch8update222

oracle openjdkMatch8update231

oracle openjdkMatch8update232

oracle openjdkMatch8update241

oracle openjdkMatch8update242

oracle openjdkMatch8update25

oracle openjdkMatch8update252

oracle openjdkMatch8update262

oracle openjdkMatch8update271

oracle openjdkMatch8update281

oracle openjdkMatch8update282

oracle openjdkMatch8update291

oracle openjdkMatch8update301

oracle openjdkMatch8update302

oracle openjdkMatch8update31

oracle openjdkMatch8update312

oracle openjdkMatch8update322

oracle openjdkMatch8update332

oracle openjdkMatch8update40

oracle openjdkMatch8update45

oracle openjdkMatch8update5

oracle openjdkMatch8update51

oracle openjdkMatch8update60

oracle openjdkMatch8update65

oracle openjdkMatch8update66

oracle openjdkMatch8update71

oracle openjdkMatch8update72

oracle openjdkMatch8update73

oracle openjdkMatch8update74

oracle openjdkMatch8update77

oracle openjdkMatch8update91

oracle openjdkMatch8update92

oracle openjdkMatch18

Node

fedoraproject fedoraMatch35

fedoraproject fedoraMatch36

Node

netapp 7-mode_transition_toolMatch-

netapp active_iq_unified_managerMatch-vmware_vsphere

netapp active_iq_unified_managerMatch-windows

netapp cloud_insights_acquisition_unitMatch-

netapp cloud_secure_agentMatch-

netapp hci_management_nodeMatch-

netapp oncommand_insightMatch-

netapp solidfireMatch-

netapp hci_compute_nodeMatch-

Node

azul zuluMatch6.47

azul zuluMatch7.54

azul zuluMatch8.62

azul zuluMatch11.56

azul zuluMatch13.48

azul zuluMatch15.40

azul zuluMatch17.34

azul zuluMatch18.30

[
  {
    "product": "Apache Xalan-J",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "2.7.2",
        "status": "affected",
        "version": "Xalan-J",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
debian	www.debian.org/security/2022/dsa-5188
openwall	www.openwall.com/lists/oss-security/2022/07/19/5
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/
openwall	www.openwall.com/lists/oss-security/2022/07/20/3
openwall	www.openwall.com/lists/oss-security/2022/10/18/2
lists	www.lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/
security	www.security.netapp.com/advisory/ntap-20220729-0009/
openwall	www.openwall.com/lists/oss-security/2022/11/07/2
openwall	www.openwall.com/lists/oss-security/2022/07/19/6

Parameter	Position	Path	Description	CWE
File	binary	/upload	PoC/instruction set for CVE-2022-34169 via crafted zip/xslt uploaded to /upload enabling integer truncation in Xalan XSLTC and arbitrary code execution.	CWE-681