search cancel

Potential Vulnerability finding


Article ID: 201236


Updated On:


CA Application Test Service Virtualization


Seen the vulnerability CVE-2020-14338 with the name Red Hat Wildfly JAXP Component XMLSchemaValidator Class use-grammar-pool-only Implementation XML FIle Handling Validation Process Manipulation.

Red Hat Wildfly contains a flaw in the XMLSchemaValidator class in the JAXP component that is due to the way the use-grammar-pool-only feature is implemented. With a specially crafted XML file, a context-dependent attacker can manipulate the validation process and have an unspecified impact.

Does DevTest utilize this component? 


Devtest 10.6
Component : CA Service Virtualization




The DevTest code does not use the classes mentioned in the Vulnerability description however wildfly is used in keycloak.

We are upgrading to keycloak 11.0.1 and it does not have this vulnerability. 

I have checked in 10.6 DevTest and we do not have this vulnerability.

10.3 will be the end of support so soon so we can request customers to upgrade it to the latest version i.e. 10.6.

DevTest 10.3 and 10.5 were checked for this and were found not to have this issue.