A flaw was found in Wildfly’s implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the “use-grammar-pool-only” feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3.

CPENameOperatorVersion
xerceseq2.12.0 sp1
xerceseq2.12.0 sp2
xerceslt2.12.0

Name	Operator	Version
xerces	eq	2.12.0 sp1
xerces	eq	2.12.0 sp2
xerces	lt	2.12.0

References

bugzilla.redhat.com/show_bug.cgi?id=1860054

lists.apache.org/thread.html/rf96c5afb26b596b4b97883aa90b6c0b0fc4c26aaeea7123c21912103%40%3Cj-users.xerces.apache.org%3E

nvd 2

cve 2

redhatcve 2

osv 2

cvelist 2

github 1

veracode 2

f5 1

prion 1

debiancve 1

ibm 57

alpinelinux 1

ubuntucve 1

redhat 19

nessus 54

openvas 24

rosalinux 1

oraclelinux 5

centos 3

amazon 3

fedora 4

mageia 1

gentoo 1

debian 2

ubuntu 2

suse 2

photon 2

aix 1

nvd

CVE-2020-14338

2020-09-17 15:15:13

CVE-2020-14621

2020-07-15 18:15:27

cve

CVE-2020-14338

2020-09-17 15:15:13

CVE-2020-14621

2020-07-15 18:15:27

redhatcve

CVE-2020-14338

2020-08-27 13:38:09

CVE-2020-14621

2020-07-15 09:39:04

osv

Improper Input Validation in Xerces

2022-02-15 01:37:41

openjdk-8 - security update

2020-08-13 00:00:00

cvelist

CVE-2020-14338

2020-09-17 14:06:25

CVE-2020-14621

2020-07-15 17:34:30

github

Improper Input Validation in Xerces

2022-02-15 01:37:41

veracode

Validation Bypass

2020-10-14 04:33:05

Authorization Bypass

2020-07-18 03:18:48

K55053009 : Oracle Java SE JAXP vulnerability CVE-2020-14621

2020-10-26 00:00:00

prion

Code injection

2020-07-15 18:15:00

debiancve

CVE-2020-14621

2020-07-15 18:15:27

ibm

Security Bulletin: A vulnerability in IBM Java affects IBM ILOG CPLEX Optimization Studio and IBM CPLEX Enterprise Server (CVE-2020-14621)

2020-11-12 15:41:17

Security Bulletin: Vulnerability in IBM Java SDK affect IBM Content Classification

2020-11-27 18:38:02

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Identity Insight (CVE-2020-14621, CVE-2020-14577)

2020-11-13 19:00:55

alpinelinux

CVE-2020-14621

2020-07-15 18:15:27

ubuntucve

CVE-2020-14621

2020-07-14 00:00:00

redhat

(RHSA-2021:0600) Important: Red Hat Process Automation Manager 7.10.0 security update

2021-02-17 10:00:13

(RHSA-2020:4247) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update

2020-10-13 16:44:32

(RHSA-2020:4244) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 6

2020-10-13 16:37:57

nessus

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 7 (Moderate) (RHSA-2020:4246)

2023-01-23 00:00:00

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 6 (Moderate) (RHSA-2020:4244)

2020-10-14 00:00:00

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 8 (Moderate) (RHSA-2020:4245)

2020-10-14 00:00:00

openvas

Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2021-1877)

2021-05-19 00:00:00

Oracle Java SE Security Updates - 03 - (cpujul2020) - Linux

2021-08-25 00:00:00

Oracle Java SE Security Updates - 03 - (cpujul2020) - Windows

2021-08-25 00:00:00

rosalinux

Advisory ROSA-SA-2023-2315

2023-12-19 12:25:07

oraclelinux

java-11-openjdk security and enhancement update

2020-07-16 00:00:00

java-1.8.0-openjdk security update

2020-07-16 00:00:00

java-1.8.0-openjdk security update

2020-07-18 00:00:00

centos

java security update

2020-08-07 12:59:34

java security update

2020-08-07 12:30:19

java security update

2020-08-07 12:29:25

amazon

Important: java-11-amazon-corretto

2020-07-14 23:04:00

Important: java-1.8.0-openjdk

2020-09-15 18:00:00

Important: java-1.8.0-openjdk

2020-09-14 20:58:00

fedora

[SECURITY] Fedora 31 Update: java-1.8.0-openjdk-1.8.0.262.b10-1.fc31

2020-07-28 15:03:32

[SECURITY] Fedora 31 Update: java-11-openjdk-11.0.8.10-2.fc31

2020-07-28 15:03:39

[SECURITY] Fedora 32 Update: java-1.8.0-openjdk-1.8.0.262.b10-1.fc32

2020-07-23 01:07:12

mageia

Updated java-1.8.0-openjdk packages fix security vulnerability

2020-08-01 02:25:42

gentoo

OpenJDK: Multiple vulnerabilities

2020-08-30 00:00:00

debian

[SECURITY] [DLA 2325-1] openjdk-8 security update

2020-08-13 10:07:24

[SECURITY] [DSA 4734-1] openjdk-11 security update

2020-07-26 19:58:03

ubuntu

OpenJDK 8 vulnerabilities

2020-08-05 00:00:00

OpenJDK vulnerabilities

2020-07-23 00:00:00

suse

Security update for java-11-openjdk (important)

2020-08-12 00:00:00

Security update for java-11-openjdk (important)

2020-08-10 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0310

2020-07-29 00:00:00

Important Photon OS Security Update - PHSA-2020-0310

2020-07-29 00:00:00

aix

Multiple vulnerabilities in IBM Java SDK affect AIX

2020-11-03 15:29:58

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.1%

JSON

Related for PRION:CVE-2020-14338