Vulnerability Name: CVE-2022-34169 (CCN-231489)

Assigned: 2022-07-19
Published: 2022-07-19
Updated: 2023-05-05
Summary: The Apache Xalan Java XSLT library could allow a remote attacker to execute arbitrary code on the system, caused by an integer truncation issue when processing malicious XSLT stylesheets. An attacker who supplies a specially crafted XSLT stylesheet could exploit this vulnerability to execute arbitrary code on the system.
CVSS v3 Severity:
  7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
  6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:U/RC:R)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): High
    Availability (A): None

  7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
  6.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:R)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low

  7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
  6.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:U/RC:R)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): High
    Availability (A): None

CVSS v2 Severity:
  7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial

Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2022-34169

Source: security@apache.org
Type: Third Party Advisory, VDB Entry
security@apache.org

Source: security@apache.org
Type: Mailing List, Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Mailing List, Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Mailing List, Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Mailing List, Patch, Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Mailing List, Patch, Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Mailing List, Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Mailing List, Third Party Advisory
security@apache.org

Source: XF
Type: UNKNOWN
apache-xalanjava-cve202234169-code-exec(231489)

Source: CCN
Type: Apache Mailing List, Tuesday, July 19, 2022 1:37:46 PM EDT
CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets

Source: security@apache.org
Type: Issue Tracking, Mailing List, Vendor Advisory
security@apache.org

Source: security@apache.org
Type: Issue Tracking, Mailing List, Vendor Advisory
security@apache.org

Source: security@apache.org
Type: Mailing List, Third Party Advisory
security@apache.org

Source: security@apache.org
Type: UNKNOWN
security@apache.org

Source: security@apache.org
Type: UNKNOWN
security@apache.org

Source: security@apache.org
Type: UNKNOWN
security@apache.org

Source: security@apache.org
Type: UNKNOWN
security@apache.org

Source: security@apache.org
Type: UNKNOWN
security@apache.org

Source: security@apache.org
Type: UNKNOWN
security@apache.org

Source: CCN
Type: Packet Storm Security [08-26-2022]
Xalan-J XSLTC Integer Truncation

Source: CCN
Type: oss-sec Mailing List, Tue, 19 Jul 2022 17:37:46 +0000
CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets

Source: security@apache.org
Type: Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Third Party Advisory
security@apache.org

Source: CCN
Type: IBM Security Bulletin 6831591 (Robotic Process Automation)
Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Source: CCN
Type: IBM Security Bulletin 6843081 (API Connect)
IBM API Connect is impacted by a vulnerability in Apache Xalan Java XSLT library (CVE-2022-34169)

Source: CCN
Type: IBM Security Bulletin 6959667 (Business Automation Workflow traditional)
Vulnerability in Apache Xalan may affect IBM Business Automation Workflow - CVE-2022-34169

Source: CCN
Type: IBM Security Bulletin 6999671 (App Connect for Healthcare)
IBM App Connect for Healthcare is affected by multiple Apache vulnerabilities

Source: CCN
Type: IBM Security Bulletin 7005485 (Cloud Pak for Network Automation)
Cloud Pak for Network Automation 2.5.0 fixes multiple security vulnerabilities

Source: CCN
Type: IBM Security Bulletin 7009021 (Cloud Pak for Business Automation)
Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for June 2023

Source: CCN
Type: IBM Security Bulletin 7014699 (Operational Decision Manager)
IBM Operational Decision Manager July 2023 - Multiple CVEs

Source: security@apache.org
Type: Patch, Third Party Advisory
security@apache.org

Vulnerable Configuration:

  Configuration RedHat 1:
    • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
  Configuration RedHat 2:
    • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*
  Configuration RedHat 3:
    • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*
  Configuration RedHat 4:
    • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
  Configuration RedHat 5:
    • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*
  Configuration RedHat 6:
    • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*
  Configuration RedHat 7:
    • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*
  Configuration RedHat 8:
    • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*
  Configuration RedHat 9:
    • cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*
  Configuration RedHat 10:
    • cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*
  Configuration RedHat 11:
    • cpe:/a:redhat:enterprise_linux:9::crb:*:*:*:*:*

  Configuration CCN 1:
    • cpe:/a:ibm:operational_decision_manager:8.10:*:*:*:*:*:*:*
    • OR cpe:/a:ibm:api_connect:10.0.0.0:*:*:*:*:*:*:*
    • OR cpe:/a:ibm:api_connect:10.0.1.0:*:*:*:*:*:*:*
    • OR cpe:/a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:*
    • OR cpe:/a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:*
    • OR cpe:/a:ibm:business_automation_workflow:21.0.1:*:*:*:traditional:*:*:*
    • OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*
    • OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*
    • OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*
    • OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*
    • OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*
    • OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*
    • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*
    • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*
    • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*
    • OR cpe:/a:ibm:robotic_process_automation:21.0.1:*:*:*:*:*:*:*
    • OR cpe:/a:ibm:robotic_process_automation:21.0.2:*:*:*:*:*:*:*
    • OR cpe:/a:ibm:robotic_process_automation:21.0.3:*:*:*:*:*:*:*
    • OR cpe:/a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:*
    • OR cpe:/a:ibm:robotic_process_automation:21.0.4:*:*:*:*:*:*:*
    • OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*
    • OR cpe:/a:ibm:business_automation_workflow:21.0.3.1:*:*:*:traditional:*:*:*
    • OR cpe:/a:ibm:business_automation_workflow:22.0.2:*:*:*:traditional:*:*:*
    • OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:*

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:7536 | P | java-17-openjdk-17.0.7.0-150400.3.18.2 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:8079 | P | java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:8080 | P | java-1_8_0-openjdk-1.8.0.362-150000.3.76.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:7535 | P | java-11-openjdk-11.0.19.0-150000.3.96.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:730 | P | Security update for java-1_8_0-openj9 (Important) | 2022-09-06
oval:org.opensuse.security:def:119664 | P | Security update for java-1_8_0-ibm (Important) | 2022-08-31
oval:org.opensuse.security:def:119479 | P | Security update for java-1_8_0-ibm (Important) | 2022-08-31
oval:org.opensuse.security:def:718 | P | Security update for java-1_8_0-ibm (Important) | 2022-08-31
oval:org.opensuse.security:def:127331 | P | Security update for java-1_8_0-ibm (Important) (in QA) | 2022-08-31
oval:org.opensuse.security:def:125770 | P | Security update for java-1_8_0-ibm (Important) (in QA) | 2022-08-31
oval:org.opensuse.security:def:6120 | P | Security update for java-1_8_0-ibm (Important) (in QA) | 2022-08-31
oval:org.opensuse.security:def:5312 | P | Security update for java-1_8_0-ibm (Important) (in QA) | 2022-08-31
oval:org.opensuse.security:def:126949 | P | Security update for java-1_8_0-ibm (Important) | 2022-08-25
oval:org.opensuse.security:def:5331 | P | Security update for java-1_8_0-ibm (Important) | 2022-08-25
oval:org.opensuse.security:def:127347 | P | Security update for java-1_8_0-ibm (Important) | 2022-08-25
oval:org.opensuse.security:def:125786 | P | Security update for java-1_8_0-ibm (Important) | 2022-08-25
oval:org.opensuse.security:def:6145 | P | Security update for java-1_7_1-ibm (Important) | 2022-08-25
oval:org.opensuse.security:def:6146 | P | Security update for java-1_8_0-ibm (Important) | 2022-08-25
oval:org.opensuse.security:def:126948 | P | Security update for java-1_7_1-ibm (Important) | 2022-08-25
oval:org.opensuse.security:def:5330 | P | Security update for java-1_7_1-ibm (Important) | 2022-08-25
oval:org.opensuse.security:def:127346 | P | Security update for java-1_7_1-ibm (Important) | 2022-08-25
oval:org.opensuse.security:def:125785 | P | Security update for java-1_7_1-ibm (Important) | 2022-08-25
oval:org.opensuse.security:def:702 | P | Security update for java-1_8_0-openjdk (Important) | 2022-08-19
oval:org.opensuse.security:def:119657 | P | Security update for java-1_8_0-openjdk (Important) | 2022-08-19
oval:org.opensuse.security:def:119472 | P | Security update for java-1_8_0-openjdk (Important) | 2022-08-19
oval:org.opensuse.security:def:6138 | P | Security update for java-1_8_0-openjdk (Important) | 2022-08-16
oval:org.opensuse.security:def:126944 | P | Security update for java-1_8_0-openjdk (Important) | 2022-08-16
oval:org.opensuse.security:def:127342 | P | Security update for java-1_8_0-openjdk (Important) | 2022-08-16
oval:org.opensuse.security:def:125780 | P | Security update for java-1_8_0-openjdk (Important) | 2022-08-16
oval:org.opensuse.security:def:118981 | P | Security update for java-11-openjdk (Important) | 2022-08-09
oval:org.opensuse.security:def:119286 | P | Security update for java-11-openjdk (Important) | 2022-08-09
oval:org.opensuse.security:def:119652 | P | Security update for java-11-openjdk (Important) | 2022-08-09
oval:org.opensuse.security:def:119467 | P | Security update for java-11-openjdk (Important) | 2022-08-09
oval:org.opensuse.security:def:684 | P | Security update for java-11-openjdk (Important) | 2022-08-09
oval:org.opensuse.security:def:118791 | P | Security update for java-11-openjdk (Important) | 2022-08-09
oval:org.opensuse.security:def:95352 | P | Security update for java-1_8_0-openjdk (Important) (in QA) | 2022-08-04
oval:org.opensuse.security:def:3722 | P | Security update for java-1_8_0-openjdk (Important) (in QA) | 2022-08-04
oval:org.opensuse.security:def:672 | P | Security update for java-17-openjdk (Important) | 2022-08-03
oval:org.opensuse.security:def:3663 | P | Security update for java-17-openjdk (Important) | 2022-08-03
oval:org.opensuse.security:def:95293 | P | Security update for java-17-openjdk (Important) | 2022-08-03
oval:org.opensuse.security:def:6124 | P | Security update for java-11-openjdk (Important) | 2022-08-01
oval:com.redhat.rhsa:def:20225736 | P | RHSA-2022:5736: java-17-openjdk security, bug fix, and enhancement update (Important) | 2022-07-27
oval:com.redhat.rhsa:def:20225726 | P | RHSA-2022:5726: java-17-openjdk security, bug fix, and enhancement update (Important) | 2022-07-26
oval:com.redhat.rhsa:def:20225698 | P | RHSA-2022:5698: java-1.8.0-openjdk security, bug fix, and enhancement update (Important) | 2022-07-25
oval:com.redhat.rhsa:def:20225709 | P | RHSA-2022:5709: java-1.8.0-openjdk security, bug fix, and enhancement update (Important) | 2022-07-25
oval:com.redhat.rhsa:def:20225695 | P | RHSA-2022:5695: java-11-openjdk security, bug fix, and enhancement update (Important) | 2022-07-25
oval:com.redhat.rhsa:def:20225696 | P | RHSA-2022:5696: java-1.8.0-openjdk security, bug fix, and enhancement update (Important) | 2022-07-25
oval:org.opensuse.security:def:3744 | P | Security update for java-11-openjdk (Important) (in QA) | 2022-07-22
oval:org.opensuse.security:def:95374 | P | Security update for java-11-openjdk (Important) (in QA) | 2022-07-22
oval:org.opensuse.security:def:3642 | P | Security update for java-11-openjdk (Important) (in QA) | 2022-07-22
oval:org.opensuse.security:def:95272 | P | Security update for java-11-openjdk (Important) (in QA) | 2022-07-22
oval:com.redhat.rhsa:def:20225683 | P | RHSA-2022:5683: java-11-openjdk security, bug fix, and enhancement update (Important) | 2022-07-21
oval:com.redhat.rhsa:def:20225687 | P | RHSA-2022:5687: java-11-openjdk security, bug fix, and enhancement update (Important) | 2022-07-21