EUVD-2023-2836

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Apache Santuario versions prior to 2.2.6, 2.3.4, and 3.0.3 disclose private keys in debug logs.

Reporter	Title	Published	Views	Family All 125
IBM Security Bulletins	Security Bulletin: IBM PowerVM Novalink is vulnerable because Apache Santuario could allow a remote authenticated attacker to obtain sensitive information, caused by the storage of a private key in the log files.(CVE-2023-44483)	7 Feb 202416:59	–	ibm
IBM Security Bulletins	Security Bulletin: The IBM® Engineering Lifecycle Engineering products using WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache Santuario (CVE-2023-44483)	26 Dec 202305:51	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Santuario Vulnerability in WebSphere Application Server Liberty affect Cloud Pak System [CVE-2023-44483]	31 Jul 202422:54	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities	15 Apr 202503:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache XML Security for Java.	29 Sep 202522:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Predict Component uses WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache Santuario which is vulnerable to CVE-2023-44483	28 Feb 202413:48	–	ibm
IBM Security Bulletins	Security Bulletin: Due to use of IBM WebSphere Application Server Liberty, IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service and disclosure of sensitive information.	31 Jan 202415:27	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9.	13 Dec 202309:20	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Liberty for Java for IBM Cloud	14 Dec 202319:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to information disclosure due to Apache Santuario (CVE-2023-44483)	15 Nov 202320:01	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "07285a0c-ba70-3b99-aa68-4abcbe56905b",
        "vendor": {
          "name": "Apache Software Foundation"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "b9a76cf4-f271-33da-b725-f65adf9fdc47",
        "product": {
          "name": "Apache Santuario"
        },
        "product_version": "3.0 <3.0.3"
      },
      {
        "id": "e672663a-b18a-3b5a-a5f8-b61a9a8d80be",
        "product": {
          "name": "Apache Santuario"
        },
        "product_version": "2.3 <2.3.4"
      },
      {
        "id": "ecf99a89-2414-3225-8a66-f8ea0d0f4f3a",
        "product": {
          "name": "Apache Santuario"
        },
        "product_version": "2.2 <2.2.6"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-44483
github	www.github.com/apache/santuario-java
lists	www.lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
santuario	www.santuario.apache.org/secadv.data/CVE-2023-44483.txt.asc
openwall	www.openwall.com/lists/oss-security/2023/10/20/5

03 Oct 2025 20:07Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.16.5

EPSS0.00173

SSVC