USN-5525-1: Apache XML Security for Java vulnerability

🗓️ 20 Jul 2022 10:47:58Reported by UbuntuType

ubuntu

ubuntu🔗 ubuntu.com👁 64 Views

Apache XML Security for Java vulnerability in Ubuntu 20.04 LTS and 18.04 ESM

Reporter	Title	Published	Views	Family All 119
IBM Security Bulletins	Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities	18 Nov 202415:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation 2.5.0 fixes multiple security vulnerabilities	20 Jun 202308:52	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in Apache XML Security for Java affects IBM Tivoli Business Service Manager (CVE-2013-4517, CVE-2013-2172, CVE-2009-0217, CVE-2021-40690)	6 Oct 202204:39	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling B2B Integrator vulnerable to security bypass due to Apache Santuario XML Security for Java (CVE-2021-40690)	10 Apr 202420:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Tivoli Netcool Impact vulnerable to security bypass due to Apache Santuario XML Security (CVE-2021-40690)	31 Mar 202205:53	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Planning Analytics Workspace is affected by multiple vulnerabilities (CVE-2021-40690, CVE-2022-25647, XFID: 233967)	5 Oct 202213:04	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Santuario XML Security for Java may affect Cúram Social Program Management (CVE-2021-40690)	25 Nov 202116:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including a remote code execution in Spring Framework (CVE-2022-22965)	11 Apr 202215:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities	23 Oct 202415:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling B2B Integrator vulnerable to security bypass due to Apache Santuario XML Security for Java (CVE-2021-40690, CVE-2014-8152)	13 Mar 202316:26	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	18.04	amd64	libxml-security-java	2.0.10-2~18.04.1	libxml-security-java_2.0.10-2~18.04.1_amd64.deb
Ubuntu	18.04	arm64	libxml-security-java	2.0.10-2~18.04.1	libxml-security-java_2.0.10-2~18.04.1_arm64.deb
Ubuntu	18.04	armhf	libxml-security-java	2.0.10-2~18.04.1	libxml-security-java_2.0.10-2~18.04.1_armhf.deb
Ubuntu	18.04	i386	libxml-security-java	2.0.10-2~18.04.1	libxml-security-java_2.0.10-2~18.04.1_i386.deb
Ubuntu	18.04	ppc64el	libxml-security-java	2.0.10-2~18.04.1	libxml-security-java_2.0.10-2~18.04.1_ppc64el.deb
Ubuntu	18.04	s390x	libxml-security-java	2.0.10-2~18.04.1	libxml-security-java_2.0.10-2~18.04.1_s390x.deb
Ubuntu	20.04	any	libxml-security-java-doc	2.0.10-2+deb11u1build0.20.04.1	libxml-security-java-doc_2.0.10-2+deb11u1build0.20.04.1_any.deb
Ubuntu	18.04	amd64	libxml-security-java-doc	2.0.10-2~18.04.1	libxml-security-java-doc_2.0.10-2~18.04.1_amd64.deb
Ubuntu	18.04	arm64	libxml-security-java-doc	2.0.10-2~18.04.1	libxml-security-java-doc_2.0.10-2~18.04.1_arm64.deb
Ubuntu	18.04	armhf	libxml-security-java-doc	2.0.10-2~18.04.1	libxml-security-java-doc_2.0.10-2~18.04.1_armhf.deb

20 Jul 2022 10:47Current

6.7Medium risk

Vulners AI Score6.7

CVSS 25

CVSS 3.17.5

EPSS0.00413

apache xml security java ubuntu 20.04 lts ubuntu 18.04 esm xpath transform key element configuration property