Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2022-39353
HistoryNov 14, 2022 - 3:56 a.m.

CVE-2022-39353

2022-11-1403:56:39
redhat.com
access.redhat.com
25
flaw
xmldom
xml parsing
well-formed
dependents
cve-2022-39353

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.009

Percentile

83.1%

JSON

A flaw was found in the xmldom package. The xmldom parses XML that is not well-formed because it contains multiple top-level elements, adding all root nodes to the childNodes collection of the Document without reporting errors or throwing. This breaks the assumption that there is only a single root node in the tree, which led to CVE-2022-39299, as it is a potential issue for dependents.

Related

debiancve 1
cve 2
prion 2
ubuntucve 1
nvd 2
osv 6
cvelist 2
github 2
openvas 2
nessus 2
debian 1
githubexploit 1
ibm 6
veracode 2
cbl_mariner 1
ubuntu 1
debiancve
debiancve
CVE-2022-39353
2022-11-02 17:15:17
cve
cve
CVE-2022-39353
2022-11-02 17:15:17
CVE-2022-39299
2022-10-12 21:15:09
prion
prion
Design/Logic Flaw
2022-11-02 17:15:00
Authentication flaw
2022-10-12 21:15:00
ubuntucve
ubuntucve
CVE-2022-39353
2022-11-02 00:00:00
nvd
nvd
CVE-2022-39353
2022-11-02 17:15:17
CVE-2022-39299
2022-10-12 21:15:09
osv
osv
xmldom allows multiple root nodes in a DOM
2022-11-01 17:29:11
CVE-2022-39353
2022-11-02 17:15:17
CVE-2022-39299
2022-10-12 21:15:09
cvelist
cvelist
CVE-2022-39353 xmldom allows multiple root nodes in a DOM
2022-11-02 00:00:00
CVE-2022-39299 Signature bypass via multiple root elements in Passport-SAML
2022-10-12 00:00:00
github
github
xmldom allows multiple root nodes in a DOM
2022-11-01 17:29:11
Signature bypass via multiple root elements
2022-10-12 22:05:41
openvas
openvas
Debian: Security Advisory (DLA-3260-1)
2023-01-02 00:00:00
Ubuntu: Security Advisory (USN-6102-1)
2023-05-25 00:00:00
nessus
nessus
Debian DLA-3260-1 : node-xmldom - LTS security update
2023-01-07 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS : xmldom vulnerabilities (USN-6102-1)
2023-05-24 00:00:00
debian
debian
[SECURITY] [DLA 3260-1] node-xmldom security update
2023-01-01 17:00:48
githubexploit
githubexploit
Exploit for Improper Verification of Cryptographic Signature in Passport-Saml Project Passport-Saml
2022-10-31 13:24:34
ibm
ibm
Security Bulletin: IBM Cloud Pak for Data is vulnerable to bypass SAML authentication due to passport-saml ( CVE-2022-39299 )
2024-08-08 14:33:56
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to privilege escalation due to CVE-2022-39353
2022-12-01 16:35:30
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attacker due to the module xmldom [CVE-2022-39353]
2022-12-12 16:06:18
veracode
veracode
Improper Verification Of Cryptographic Signature
2022-10-14 11:00:44
Improper Input Validation
2022-11-03 05:26:31
cbl_mariner
cbl_mariner
CVE-2022-39353 affecting package python-tensorboard for versions less than 2.16.2-1
2024-05-17 21:38:35
ubuntu
ubuntu
xmldom vulnerabilities
2023-05-24 00:00:00

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.009

Percentile

83.1%

JSON
Related for RH:CVE-2022-39353
debiancve1cve2prion2ubuntucve1nvd2osv6cvelist2github2openvas2nessus2debian1githubexploit1ibm6veracode2cbl_mariner1ubuntu1