xalan: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407) (CVE-2022-34169)
jettison: stack overflow in JSONObject() allows attackers to cause a Denial of Service (DoS) via crafted JSON data (CVE-2022-45685)
santuario: Private Key disclosure in debug-log output (CVE-2023-44483)
springframework: URL Parsing with Host Validation (CVE-2024-22262)
cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding (CVE-2024-28752)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

vulnrichment 3

osv 19

veracode 5

nvd 5

cve 5

github 5

cvelist 5

ibm 44

redhatcve 5

cgr 2

wolfi 2

nessus 29

f5 2

atlassian 7

prion 3

ubuntucve 4

debiancve 4

cbl_mariner 1

githubexploit 3

alpinelinux 1

openvas 10

debian 3

googleprojectzero 1

redhat 18

cnvd 1

amazon 4

gentoo 1

suse 2

oraclelinux 3

almalinux 1

rocky 1

vulnrichment

CVE-2024-28752 Apache CXF SSRF Vulnerability using the Aegis databinding

2024-03-15 10:27:30

CVE-2023-44483 Apache Santuario: Private Key disclosure in debug-log output

2023-10-20 09:23:53

CVE-2024-22262 CVE-2024-22262: Spring Framework URL Parsing with Host Validation

2024-04-16 05:54:12

osv

CGA-58x7-92cj-h7fv

2024-06-06 12:24:03

CGA-877w-8xxp-xv6m

2024-06-06 12:25:10

SSRF vulnerability using the Aegis DataBinding in Apache CXF

2024-03-15 12:30:37

veracode

Server-Side Request Forgery (SSRF)

2024-03-18 08:35:48

Denial Of Service (DoS)

2022-12-14 09:59:44

Open Redirect

2024-04-18 05:19:04

nvd

CVE-2024-28752

2024-03-15 11:15:09

CVE-2022-45685

2022-12-13 15:15:11

CVE-2023-44483

2023-10-20 10:15:12

cve

CVE-2024-28752

2024-03-15 11:15:09

CVE-2022-45685

2022-12-13 15:15:11

CVE-2023-44483

2023-10-20 10:15:12

github

SSRF vulnerability using the Aegis DataBinding in Apache CXF

2024-03-15 12:30:37

Jettison Out-of-bounds Write vulnerability

2022-12-13 15:30:26

Apache Santuario - XML Security for Java are vulnerable to private key disclosure

2023-10-20 12:31:04

cvelist

CVE-2024-28752 Apache CXF SSRF Vulnerability using the Aegis databinding

2024-03-15 10:27:30

CVE-2022-45685

2022-12-13 00:00:00

CVE-2023-44483 Apache Santuario: Private Key disclosure in debug-log output

2023-10-20 09:23:53

ibm

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to server-side request forgery due to Apache CXF

2024-05-24 15:15:10

Security Bulletin: Vulnerability in VMware Tanzu Spring Framework affects IBM Process Mining CVE-2024-22262

2024-06-28 15:21:44

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework [CVE-2024-22262]

2024-08-02 22:10:33

redhatcve

CVE-2024-22262

2024-04-16 10:22:09

CVE-2024-28752

2024-03-21 15:31:52

CVE-2022-45685

2023-06-13 19:46:35

cgr

CVE-2024-28752 vulnerabilities

2024-05-19 03:07:16

CVE-2023-44483 vulnerabilities

2024-05-19 03:07:16

wolfi

CVE-2024-28752 vulnerabilities

2024-09-18 21:11:55

CVE-2023-44483 vulnerabilities

2024-09-18 21:11:55

nessus

Oracle Primavera Gateway (Jul 2024 CPU)

2024-07-18 00:00:00

Apache CXF < 3.5.8, 3.6.x < 3.6.3, 4.0.x < 4.0.4 SSRF

2024-03-22 00:00:00

Debian DSA-5256-1 : bcel - security update

2022-10-19 00:00:00

K000134496 : Jettison vulnerability CVE-2022-45685

2023-05-08 00:00:00

K42795243 : Apache Xalan Java Library vulnerability CVE-2022-34169

2022-08-25 00:00:00

atlassian

DoS (Denial of Service) org.codehaus.jettison:jettison Dependency in Jira Software Data Center and Server

2024-02-14 10:47:07

Jettison Vulnerability in Bitbucket Data Center and Server

2023-10-04 19:45:37

RCE (Remote Code Execution) xalan:xalan Dependency in Jira Software Data Center and Server

2024-03-07 14:45:37

prion

Stack overflow

2022-12-13 15:15:00

Code injection

2023-10-20 10:15:00

Integer overflow

2022-07-19 18:15:00

ubuntucve

CVE-2022-45685

2022-12-13 00:00:00

CVE-2023-44483

2023-10-20 00:00:00

CVE-2022-34169

2022-07-19 00:00:00

debiancve

CVE-2022-45685

2022-12-13 15:15:11

CVE-2023-44483

2023-10-20 10:15:12

CVE-2022-34169

2022-07-19 18:15:11

cbl_mariner

CVE-2022-34169 affecting package openjdk8 1.8.0.332-2

2024-09-18 21:14:16

githubexploit

Exploit for Incorrect Conversion between Numeric Types in Apache Xalan-Java

2023-01-17 03:48:11

Exploit for Incorrect Conversion between Numeric Types in Apache Xalan-Java

2022-08-15 09:43:08

Exploit for CVE-2024-22243

2024-02-21 12:55:22

alpinelinux

CVE-2022-34169

2022-07-19 18:15:11

openvas

Debian: Security Advisory (DLA-3155-1)

2022-10-19 00:00:00

Huawei EulerOS: Security Advisory for jettison (EulerOS-SA-2023-2151)

2023-06-09 00:00:00

Debian: Security Advisory (DSA-5256-1)

2022-10-20 00:00:00

debian

[SECURITY] [DLA 3155-1] bcel security update

2022-10-18 17:55:52

[SECURITY] [DSA 5256-1] bcel security update

2022-10-18 18:04:55

[SECURITY] [DLA 3259-1] libjettison-java security update

2022-12-31 17:25:15

googleprojectzero

Gregor Samsa: Exploiting Java's XML Signature Verification

2022-11-02 00:00:00

redhat

(RHSA-2024:3780) Important: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.4.SP2)

2024-06-10 16:27:26

(RHSA-2024:2852) Important: Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 update is now available (RHBQ 3.2.12.GA)

2024-05-15 10:09:54

(RHSA-2024:0714) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.15 Security update

2024-02-06 19:53:54

cnvd

Apache Xalan input validation error vulnerability

2022-07-21 00:00:00

amazon

Important: jettison

2023-06-07 23:52:00

Important: jettison

2023-06-07 23:52:00

Important: java-11-amazon-corretto

2022-07-19 01:18:00

gentoo

Apache Commons BCEL: Remote Code Execution

2024-05-05 00:00:00

suse

Security update for java-11-openjdk (important)

2022-08-09 00:00:00

Security update for java-1_8_0-openjdk (important)

2022-08-19 00:00:00

oraclelinux

java-1.8.0-openjdk security, bug fix, and enhancement update

2022-07-25 00:00:00

java-11-openjdk security, bug fix, and enhancement update

2022-07-26 00:00:00

java-1.8.0-openjdk security, bug fix, and enhancement update

2022-07-26 00:00:00

almalinux

Important: java-11-openjdk security, bug fix, and enhancement update

2022-07-25 00:00:00

rocky

java-11-openjdk security, bug fix, and enhancement update

2022-07-21 13:41:28

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

AI Score

7.9

Confidence

High

EPSS

0.002

Percentile

53.8%

JSON

Related for RHSA-2024:3708