Oracle Global Lifecycle Management OPatch Patch Installer denial of service

A vulnerability classified as problematic has been found in Oracle Global Lifecycle Management OPatch (the affected version unknown). This affects an unknown code of the component Patch Installer. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field08/06/2022 04:29 PM08/06/2022 04:36 PM08/06/2022 04:43 PM
vendorOracleOracleOracle
nameGlobal Lifecycle Management OPatchGlobal Lifecycle Management OPatchGlobal Lifecycle Management OPatch
cveCVE-2022-23437CVE-2022-23437CVE-2022-23437
componentPatch InstallerPatch InstallerPatch Installer
risk111
cwe404 (denial of service)404 (denial of service)404 (denial of service)
cvss3_vuldb_avLLL
cvss3_vuldb_acLLL
cvss3_vuldb_prHHH
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iNNN
cvss3_vuldb_aHHH
cvss3_vuldb_rcCCC
cvss3_vuldb_rlOOO
urlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.html
date1658181600 (07/19/2022)1658181600 (07/19/2022)1658181600 (07/19/2022)
identifierOracle Critical Patch Update Advisory - July 2022Oracle Critical Patch Update Advisory - July 2022Oracle Critical Patch Update Advisory - July 2022
date1658181600 (07/19/2022)1658181600 (07/19/2022)1658181600 (07/19/2022)
nameUpgradeUpgradeUpgrade
cvss2_vuldb_avLLL
cvss2_vuldb_acLLL
cvss2_vuldb_auMMM
cvss2_vuldb_ciNNN
cvss2_vuldb_iiNNN
cvss2_vuldb_aiCCC
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_eNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore4.34.34.3
cvss2_vuldb_tempscore3.73.73.7
cvss3_vuldb_basescore4.24.24.2
cvss3_vuldb_tempscore4.04.04.0
cvss3_meta_basescore4.25.35.3
cvss3_meta_tempscore4.05.25.2
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned1642546800 (01/19/2022)1642546800 (01/19/2022)1642546800 (01/19/2022)
cve_nvd_summaryThere's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.
cvss3_nvd_acLL
cvss3_nvd_prNN
cvss3_nvd_uiRR
cvss3_nvd_sUU
cvss3_nvd_cNN
cvss3_nvd_iNN
cvss3_nvd_aHH
cvss2_nvd_avNN
cvss2_nvd_acMM
cvss2_nvd_auNN
cvss2_nvd_ciNN
cvss2_nvd_iiNN
cvss2_nvd_aiCC
cvss2_nvd_basescore7.17.1
cvss3_nvd_basescore6.56.5
cvss3_nvd_avNN

Interested in the pricing of exploits?

See the underground prices here!