SUSE CVE-2022-40150

🗓️ 15 Feb 2023 03:23:41Reported by Suse CVEType

susecve

susecve🔗 www.suse.com👁 1 Views

Jettison parser on untrusted XML or JSON can cause out-of-memory denial of service.

Reporter	Title	Published	Views	Family All 122
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities	6 Jul 202318:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling B2B Integrator EBICs client affected by multiple issues due to Jettison	19 Dec 202319:21	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities	26 Mar 202503:39	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Commons Text 1.9	8 Dec 202204:10	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities	29 Sep 202318:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Jettison-json (CVE-2022-40149, CVE-2022-40150)	28 Nov 202214:09	–	ibm
IBM Security Bulletins	Security Bulletin: jettison-json Jettison used by CICS Transaction Gateway is vulnerable to a denial of service	8 Dec 202210:40	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Jettison affects IBM Process Mining . Multiple CVEs	1 Feb 202320:07	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Jettison	2 May 202320:29	–	ibm
IBM Security Bulletins	Security Bulletin: IBM UrbanCode Release addresses multiple vulnerablities.	27 Oct 202307:53	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
OpenSUSE Tumbleweed	–	any	jettison	1.5.1-1.1	jettison-1.5.1-1.1.noarch.rpm
OpenSUSE Leap	15.4	any	jettison	1.5.3-150200.3.4.3	jettison-1.5.3-150200.3.4.3.noarch.rpm
SUSE Linux Enterprise Server	15.5	any	jettison	1.5.3-150200.3.4.3	jettison-1.5.3-150200.3.4.3.noarch.rpm
SUSE Linux Enterprise Server	15.6	any	jettison	1.5.3-150200.3.4.3	jettison-1.5.3-150200.3.4.3.noarch.rpm
SUSE Linux Enterprise Server	15.7	any	jettison	1.5.3-150200.3.4.3	jettison-1.5.3-150200.3.4.3.noarch.rpm
OpenSUSE Tumbleweed	–	any	jettison-javadoc	1.5.1-1.1	jettison-javadoc-1.5.1-1.1.noarch.rpm
OpenSUSE Leap	15.4	any	jettison-javadoc	1.5.3-150200.3.4.3	jettison-javadoc-1.5.3-150200.3.4.3.noarch.rpm
SUSE Linux Enterprise Server	15.5	any	jettison-javadoc	1.5.3-150200.3.4.3	jettison-javadoc-1.5.3-150200.3.4.3.noarch.rpm
SUSE Linux Enterprise Server	15.6	any	jettison-javadoc	1.5.3-150200.3.4.3	jettison-javadoc-1.5.3-150200.3.4.3.noarch.rpm
SUSE Linux Enterprise Server	15.7	any	jettison-javadoc	1.5.3-150200.3.4.3	jettison-javadoc-1.5.3-150200.3.4.3.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2022-40150
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/1203516
lists	www.lists.suse.com/pipermail/sle-security-updates/2023-March/014085.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2023-March/014086.html
lists	www.lists.suse.com/pipermail/sle-updates/2023-March/028253.html
lists	www.lists.suse.com/pipermail/sle-updates/2023-March/028254.html

25 Apr 2025 03:32Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.17.5

EPSS0.01201

Jettison parser Denial of service Out of memory Untrusted input Markup language data