Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-34169
HistoryJul 19, 2022 - 6:15 p.m.

CVE-2022-34169

2022-07-1918:15:11
CWE-681
[email protected]
web.nvd.nist.gov
6

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.002 Low

EPSS

Percentile

53.3%

JSON

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.

Affected configurations

NVD
Node
apachexalan-javaRange2.7.2
Node
debiandebian_linuxMatch10.0
OR
debiandebian_linuxMatch11.0
Node
oraclegraalvmMatch20.3.6enterprise
OR
oraclegraalvmMatch21.3.2enterprise
OR
oraclegraalvmMatch22.1.0enterprise
OR
oraclejdkMatch1.7.0update343
OR
oraclejdkMatch1.8.0update333
OR
oraclejdkMatch11.0.15.1
OR
oraclejdkMatch17.0.3.1
OR
oraclejdkMatch18.0.1.1
OR
oraclejreMatch1.7.0update343
OR
oraclejreMatch1.8.0update333
OR
oraclejreMatch11.0.15.1
OR
oraclejreMatch17.0.3.1
OR
oraclejreMatch18.0.1.1
Node
oracleopenjdkRange1111.0.15
OR
oracleopenjdkRange1313.0.11
OR
oracleopenjdkRange1515.0.7
OR
oracleopenjdkRange1717.0.3
OR
oracleopenjdkMatch7-
OR
oracleopenjdkMatch7update1
OR
oracleopenjdkMatch7update10
OR
oracleopenjdkMatch7update101
OR
oracleopenjdkMatch7update11
OR
oracleopenjdkMatch7update111
OR
oracleopenjdkMatch7update121
OR
oracleopenjdkMatch7update13
OR
oracleopenjdkMatch7update131
OR
oracleopenjdkMatch7update141
OR
oracleopenjdkMatch7update15
OR
oracleopenjdkMatch7update151
OR
oracleopenjdkMatch7update161
OR
oracleopenjdkMatch7update17
OR
oracleopenjdkMatch7update171
OR
oracleopenjdkMatch7update181
OR
oracleopenjdkMatch7update191
OR
oracleopenjdkMatch7update2
OR
oracleopenjdkMatch7update201
OR
oracleopenjdkMatch7update21
OR
oracleopenjdkMatch7update211
OR
oracleopenjdkMatch7update221
OR
oracleopenjdkMatch7update231
OR
oracleopenjdkMatch7update241
OR
oracleopenjdkMatch7update25
OR
oracleopenjdkMatch7update251
OR
oracleopenjdkMatch7update261
OR
oracleopenjdkMatch7update271
OR
oracleopenjdkMatch7update281
OR
oracleopenjdkMatch7update291
OR
oracleopenjdkMatch7update3
OR
oracleopenjdkMatch7update301
OR
oracleopenjdkMatch7update311
OR
oracleopenjdkMatch7update321
OR
oracleopenjdkMatch7update4
OR
oracleopenjdkMatch7update40
OR
oracleopenjdkMatch7update45
OR
oracleopenjdkMatch7update5
OR
oracleopenjdkMatch7update51
OR
oracleopenjdkMatch7update55
OR
oracleopenjdkMatch7update6
OR
oracleopenjdkMatch7update60
OR
oracleopenjdkMatch7update65
OR
oracleopenjdkMatch7update67
OR
oracleopenjdkMatch7update7
OR
oracleopenjdkMatch7update72
OR
oracleopenjdkMatch7update76
OR
oracleopenjdkMatch7update80
OR
oracleopenjdkMatch7update85
OR
oracleopenjdkMatch7update9
OR
oracleopenjdkMatch7update91
OR
oracleopenjdkMatch7update95
OR
oracleopenjdkMatch7update97
OR
oracleopenjdkMatch7update99
OR
oracleopenjdkMatch8-
OR
oracleopenjdkMatch8milestone1
OR
oracleopenjdkMatch8milestone2
OR
oracleopenjdkMatch8milestone3
OR
oracleopenjdkMatch8milestone4
OR
oracleopenjdkMatch8milestone5
OR
oracleopenjdkMatch8milestone6
OR
oracleopenjdkMatch8milestone7
OR
oracleopenjdkMatch8milestone8
OR
oracleopenjdkMatch8milestone9
OR
oracleopenjdkMatch8update101
OR
oracleopenjdkMatch8update102
OR
oracleopenjdkMatch8update11
OR
oracleopenjdkMatch8update111
OR
oracleopenjdkMatch8update112
OR
oracleopenjdkMatch8update121
OR
oracleopenjdkMatch8update131
OR
oracleopenjdkMatch8update141
OR
oracleopenjdkMatch8update151
OR
oracleopenjdkMatch8update152
OR
oracleopenjdkMatch8update161
OR
oracleopenjdkMatch8update162
OR
oracleopenjdkMatch8update171
OR
oracleopenjdkMatch8update172
OR
oracleopenjdkMatch8update181
OR
oracleopenjdkMatch8update191
OR
oracleopenjdkMatch8update192
OR
oracleopenjdkMatch8update20
OR
oracleopenjdkMatch8update201
OR
oracleopenjdkMatch8update202
OR
oracleopenjdkMatch8update211
OR
oracleopenjdkMatch8update212
OR
oracleopenjdkMatch8update221
OR
oracleopenjdkMatch8update222
OR
oracleopenjdkMatch8update231
OR
oracleopenjdkMatch8update232
OR
oracleopenjdkMatch8update241
OR
oracleopenjdkMatch8update242
OR
oracleopenjdkMatch8update25
OR
oracleopenjdkMatch8update252
OR
oracleopenjdkMatch8update262
OR
oracleopenjdkMatch8update271
OR
oracleopenjdkMatch8update281
OR
oracleopenjdkMatch8update282
OR
oracleopenjdkMatch8update291
OR
oracleopenjdkMatch8update301
OR
oracleopenjdkMatch8update302
OR
oracleopenjdkMatch8update31
OR
oracleopenjdkMatch8update312
OR
oracleopenjdkMatch8update322
OR
oracleopenjdkMatch8update332
OR
oracleopenjdkMatch8update40
OR
oracleopenjdkMatch8update45
OR
oracleopenjdkMatch8update5
OR
oracleopenjdkMatch8update51
OR
oracleopenjdkMatch8update60
OR
oracleopenjdkMatch8update65
OR
oracleopenjdkMatch8update66
OR
oracleopenjdkMatch8update71
OR
oracleopenjdkMatch8update72
OR
oracleopenjdkMatch8update73
OR
oracleopenjdkMatch8update74
OR
oracleopenjdkMatch8update77
OR
oracleopenjdkMatch8update91
OR
oracleopenjdkMatch8update92
OR
oracleopenjdkMatch18
Node
fedoraprojectfedoraMatch35
OR
fedoraprojectfedoraMatch36
Node
netapp7-mode_transition_toolMatch-
OR
netappactive_iq_unified_managerMatch-vmware_vsphere
OR
netappactive_iq_unified_managerMatch-windows
OR
netappcloud_insights_acquisition_unitMatch-
OR
netappcloud_secure_agentMatch-
OR
netapphci_management_nodeMatch-
OR
netapponcommand_insightMatch-
OR
netappsolidfireMatch-
OR
netapphci_compute_nodeMatch-
Node
azulzuluMatch6.47
OR
azulzuluMatch7.54
OR
azulzuluMatch8.62
OR
azulzuluMatch11.56
OR
azulzuluMatch13.48
OR
azulzuluMatch15.40
OR
azulzuluMatch17.34
OR
azulzuluMatch18.30

References

Related

nessus 67
ibm 10
alpinelinux 1
prion 1
githubexploit 1
debian 4
ubuntucve 1
osv 14
googleprojectzero 1
openvas 33
veracode 1
cvelist 1
cbl_mariner 1
debiancve 1
github 1
atlassian 1
redhatcve 1
cnvd 1
f5 1
cve 1
gentoo 1
redhat 20
almalinux 5
altlinux 1
redos 1
oraclelinux 8
rocky 3
centos 2
cloudlinux 1
suse 4
amazon 4
fedora 4
photon 1
kaspersky 1
nessus
nessus
Debian DSA-5256-1 : bcel - security update
2022-10-19 00:00:00
Debian DLA-3155-1 : bcel - LTS security update
2022-10-19 00:00:00
GLSA-202405-16 : Apache Commons BCEL: Remote Code Execution
2024-05-06 00:00:00
ibm
ibm
Security Bulletin: Vulnerability found in Apache Xalan Java XSLT library may affect IBM Enterprise Records
2022-10-20 11:30:21
Security Bulletin: IBM API Connect is impacted by a vulnerability in Apache Xalan Java XSLT library (CVE-2022-34169)
2022-12-01 00:42:16
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Xalan
2022-10-13 22:19:59
alpinelinux
alpinelinux
CVE-2022-34169
2022-07-19 18:15:11
prion
prion
Integer overflow
2022-07-19 18:15:00
githubexploit
githubexploit
Exploit for Incorrect Conversion between Numeric Types in Apache Xalan-Java
2022-08-15 09:43:08
debian
debian
[SECURITY] [DLA 3155-1] bcel security update
2022-10-18 17:55:52
[SECURITY] [DSA 5256-1] bcel security update
2022-10-18 18:04:55
[SECURITY] [DSA 5188-1] openjdk-11 security update
2022-07-22 20:58:41
ubuntucve
ubuntucve
CVE-2022-34169
2022-07-19 00:00:00
osv
osv
Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets
2022-07-20 00:00:18
bcel - security update
2022-10-18 00:00:00
CVE-2022-34169
2022-07-19 18:15:11
googleprojectzero
googleprojectzero
Gregor Samsa: Exploiting Java's XML Signature Verification
2022-11-02 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3155-1)
2022-10-19 00:00:00
Debian: Security Advisory (DSA-5256-1)
2022-10-20 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2610-1)
2022-08-02 00:00:00
veracode
veracode
Remote Code Execution
2022-07-20 08:21:43
cvelist
cvelist
CVE-2022-34169 Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
2022-07-19 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-34169 affecting package openjdk8 1.8.0.332-2
2024-06-21 03:08:12
debiancve
debiancve
CVE-2022-34169
2022-07-19 18:15:11
github
github
Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets
2022-07-20 00:00:18
atlassian
atlassian
RCE (Remote Code Execution) xalan:xalan Dependency in Jira Software Data Center and Server
2024-03-07 14:45:37
redhatcve
redhatcve
CVE-2022-34169
2022-07-19 22:54:51
cnvd
cnvd
Apache Xalan input validation error vulnerability
2022-07-21 00:00:00
f5
f5
K42795243 : Apache Xalan Java Library vulnerability CVE-2022-34169
2022-08-25 00:00:00
cve
cve
CVE-2022-34169
2022-07-19 18:15:11
gentoo
gentoo
Apache Commons BCEL: Remote Code Execution
2024-05-05 00:00:00
redhat
redhat
(RHSA-2022:5687) Important: java-11-openjdk security, bug fix, and enhancement update
2022-07-21 13:49:31
(RHSA-2022:5755) Important: OpenJDK 11.0.16 Security Update for Portable Linux Builds
2022-07-28 15:36:15
(RHSA-2022:5756) Important: OpenJDK 11.0.16 security update for Windows Builds
2022-07-28 15:36:18
almalinux
almalinux
Important: java-1.8.0-openjdk security, bug fix, and enhancement update
2022-07-25 00:00:00
Important: java-11-openjdk security, bug fix, and enhancement update
2022-07-25 00:00:00
Important: java-1.8.0-openjdk security, bug fix, and enhancement update
2022-07-25 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package java-11-openjdk version 0:11.0.16.0.8-alt1_1jpp11
2022-08-05 00:00:00
redos
redos
ROS-20240522-05
2024-05-22 00:00:00
oraclelinux
oraclelinux
java-1.8.0-openjdk security, bug fix, and enhancement update
2022-07-25 00:00:00
java-11-openjdk security, bug fix, and enhancement update
2022-07-26 00:00:00
java-1.8.0-openjdk security, bug fix, and enhancement update
2022-07-26 00:00:00
rocky
rocky
java-1.8.0-openjdk security, bug fix, and enhancement update
2022-07-25 13:45:21
java-11-openjdk security, bug fix, and enhancement update
2022-07-21 13:41:28
java-17-openjdk security, bug fix, and enhancement update
2022-07-26 17:15:53
centos
centos
java security update
2022-08-02 19:13:38
java security update
2022-08-02 19:14:32
cloudlinux
cloudlinux
Fixed CVEs in java-1.8.0-openjdk: CVE-2022-21541, CVE-2022-34169, CVE-2022-21540
2022-08-04 18:46:36
suse
suse
Security update for java-1_8_0-openjdk (important)
2022-08-19 00:00:00
Security update for java-11-openjdk (important)
2022-08-09 00:00:00
Security update for java-1_8_0-ibm (important)
2022-08-31 00:00:00
amazon
amazon
Important: java-1.8.0-openjdk
2022-09-01 21:09:00
Important: java-11-amazon-corretto
2022-07-19 01:18:00
Important: java-11-amazon-corretto
2022-07-19 00:38:00
fedora
fedora
[SECURITY] Fedora 36 Update: java-latest-openjdk-18.0.2.0.9-1.rolling.fc36
2022-08-03 01:27:35
[SECURITY] Fedora 35 Update: java-latest-openjdk-18.0.2.0.9-1.rolling.fc35
2022-08-03 01:49:31
[SECURITY] Fedora 36 Update: java-17-openjdk-17.0.4.0.8-1.fc36
2022-07-28 01:28:22
photon
photon
Important Photon OS Security Update - PHSA-2022-3.0-0449
2022-09-09 00:00:00
kaspersky
kaspersky
KLA12588 Multiple vulnerabilities in Oracle Java SE and GraalVM
2022-07-19 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.002 Low

EPSS

Percentile

53.3%

JSON
Related for NVD:CVE-2022-34169
nessus67ibm10alpinelinux1prion1githubexploit1debian4ubuntucve1osv14googleprojectzero1openvas33veracode1cvelist1cbl_mariner1debiancve1github1atlassian1redhatcve1cnvd1f51cve1gentoo1redhat20almalinux5altlinux1redos1oraclelinux8rocky3centos2cloudlinux1suse4amazon4fedora4photon1kaspersky1