CVE-2023-44483 in PeopleSoft Enterprise PeopleToolsinfo

Summary

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

09/29/2023

Disclosure

10/25/2023

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

Sources

• MITRE
• NVD
• CVE Details