7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.019 Low
EPSS
Percentile
88.3%
Apache Xerces2 Java XML Parser is used by IBM Application Performance Management.
CVEID:CVE-2022-23437
**DESCRIPTION:**Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading a victim to open a specially-crafted XML document payloads, a remote attacker could exploit this vulnerability to consume system resources for prolonged duration.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217982 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID:CVE-2012-0881
**DESCRIPTION:**Apache Xerces2 Java is vulnerable to a denial of service, caused by a flaw in the XML service. By sending a specially crafted message to an XML service, a remote attacker could exploit this vulnerability to consume available CPU resources from the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/134404 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2013-4002
**DESCRIPTION:**A denial of service vulnerability in the Apache Xerces-J parser used by IBM Java could result in a complete availability impact on the affected system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/85260 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVEID:CVE-2020-14338
**DESCRIPTION:**Wildfly could allow a remote attacker to bypass security restrictions, caused by improper XML validation in the XMLSchemaValidator class in the JAXP component. By using a specially-crafted XML file, an attacker could exploit this vulnerability to manipulate the validation process in certain cases.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188534 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Cloud APM, Base Private | 8.1.4 |
IBM Cloud APM, Advanced Private | 8.1.4 |
IBM Cloud Application Performance Management, Base Private
IBM Cloud Application Performance Management, Advanced Private| 8.1.4|
The vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-SERVER-IF0014 or later server patch to the system where the Cloud APM server is installed: <https://www.ibm.com/support/pages/node/7028410>
—|—|—
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm application performance management | eq | 8.1.3 | |
ibm application performance management | eq | 8.1.4 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.019 Low
EPSS
Percentile
88.3%