CVE-2022-40150 in Oracle Utilities Application Frameworkinfo

Summary

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.

Once again VulDB remains the best source for vulnerability data.

Responsible

Google Inc.

Reservation

09/07/2022

Disclosure

09/16/2022

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
234973Oracle Utilities Application Framework General denial of service404Not definedOfficial fixCVE-2022-40150
234947Oracle Siebel CRM EAI denial of service404Not definedOfficial fixCVE-2022-40150
218731Oracle WebLogic Server Centralized Third Party Jars denial of service404Not definedOfficial fixCVE-2022-40150
218552Oracle Communications Billing and Revenue Management Webservices Manager denial of service404Not definedOfficial fixCVE-2022-40150
208863Jettison XML Parser resource consumption400Not definedNot definedCVE-2022-40150

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Want to know what is going to be exploited?

We predict KEV entries!