Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in xercesImpl

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in xercesImpl CVE-2009-2625, CVE-2012-0881, CVE-2013-4002, CVE-2020-14338, CVE-2022-23437. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2009-2625 DESCRIPTION: XMLScanner.java in Apache Xerces2...

Linux Distros Unpatched Vulnerability : CVE-2022-23437

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There's a vulnerability within the Apache Xerces Java XercesJ XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML...

Advisory ROSA-SA-2025-2621

software: xerces-j2 2.12.0 WASP: ROSA-CHROME packageevrstring: xerces-j2-2.12.0-4 CVE-ID: CVE-2022-23437 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache Xerces Java XercesJ XML parser causes it to hang in an infinite loop when processing specially crafted XML documents...

RHEL 9 : xerces-j2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - xerces-j2: infinite loop when handling specially crafted XML document payloads CVE-2022-23437 Note that Nessus has...

Security Bulletin: IBM Call Center is subject to vulnerability regarding an XML service, a remote attacker could exploit this vulnerability to consume available CPU resources.

Summary IBM Call Center removed parts of a legacy code that carried vulnerabilites. The code did contain CVE-2009-2625, CVE-2013-4002, CVE-2020-14338, CVE-2022-23437, CVE-2012-0881, however the specific code related to the vulnerability is not in use, therefore the risk is lower. This bulletin...

Security Bulletin: IBM Sterling B2B Integrator vulnerable to denial of service due to Apache Xerces2 Java (CVE-2012-0881, CVE-2022-23437 )

Summary IBM Sterling B2B Integrator uses Apache Xerces2 Java libraries. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2012-0881 DESCRIPTION: Apache Xerces2 Java is vulnerable to a denial of service, caused by a flaw in the XML service. ...

Security Bulletin: Multiple vulnerabilities in Apache Xerces2 Java XML Parser affect IBM Jazz Reporting Service

Summary There are multiple vulnerabilities in Apache Xerces2 Java XML Parser is used by IBM Jazz Reporting Service. IBM has addressed the relevant CVEs CVE-2012-0881, CVE-2013-4002, CVE-2022-23437 Vulnerability Details CVEID:CVE-2012-0881 DESCRIPTION: Apache Xerces2 Java is vulnerable to a denial...

Security Bulletin: Vulnerabilities in xercesImpl library affects IBM Engineering Test Management (ETM) (CVE-2022-23437)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the...

Security Bulletin: IBM TRIRIGA Application Platform discloses use of Apache Xerces (CVE-2022-23437)

Summary Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading a victim to open a specially-crafted XML document payloads, a remote attacker could exploit this vulnerability to consume system resources for prolonged duratio...

Oracle Business Process Management Suite (Jul 2023 CPU)

The version of Oracle Business Process Management Suite installed on the remote host is affected by multiple vulnerabilities, as referenced in the July 2023 CPU advisory, including: - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware component:...

Security Bulletin: Vulnerabilities in Xerces2 affect IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2013-4002, CVE-2012-1724, CVE-2012-0881, CVE-2022-23437, CVE-2009-2625)

Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments Data Protection for Hyper-V and Data Protection for VMware, and IBM Storage Protect for Space Management can be affected by vulnerabilities in the Apache Xerces2 Java parser library. The vulnerabilitie...

Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces_2.9.0.v201101211617-4.8.0.jar

Summary Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces2.9.0.v201101211617-4.8.0.jar. Hence org.apache.xerces2.9.0.v201101211617-4.8.0.jar upgraded to org.apache.xerces2.12.2.v201101211617-4.8.0.jar to fix vulnerabilities. Vulnerability Details CVEID:CVE-2012-088...

Oracle Application Testing Suite (Apr 2023 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Apac...

SUSE CVE-2022-23437

There's a vulnerability within the Apache Xerces Java XercesJ XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present withi...

Security Bulletin: IBM Sterling External Authentication Server vulnerable to denial of service due to Apache Xerces2 (CVE-2022-23437)

Summary IBM Sterling External Authentication Server 6.0.3.0 contains Apache Xerces2, which is vulnerable to a denial of service attack. This vulnerability is addressed in the latest iFix. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a...

Security Bulletin: IBM Sterling Secure Proxy vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy 6.0.3.0 and are addressed in the latest iFix. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading ...

Security Bulletin: Vulnerability from Apache Xerces2 affect IBM Operations Analytics - Log Analysis (CVE-2022-23437)

Summary Apache Xerces2 Java XML Parser shipped with Log Analysis is vulnerable to denial of service Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading a victim to...

Security Bulletin: Vulnerabilities in FasterXML Jackson Databind and Apache Xerces affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments

Summary IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments may be affected by the below FasterXML Jackson Databind and Apache Xerces vulnerabilities CVEs. Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION:...

Oracle Primavera Gateway (Jul 2022 CPU)

The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory. - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering component: Admin jackson-databind. Supported versions that a...

Oracle Primavera Unifier (Jul 2022 CPU)

The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Document Management jackson-databind. Supported...