APM 10.7 - EM Vulnerability CVE-2022-23437 Apache Xerces2 J2.12.1

Article ID: 233330

Updated On:

Products

CA Application Performance Management (APM / Wily / Introscope) DX Application Performance Management

Issue/Introduction

This vulnerability has been reported for the Introscope EM (scanned version: 10.7.0.361).

https://nvd.nist.gov/vuln/detail/CVE-2022-23437.

Apache XercesJ is vulnerable to denial of service (DoS) due to improper input validation in the XML parser, which can lead to an infinite loop. An attacker could exploit this vulnerability by supplying a system with a maliciously crafted XML document.

According to Blackduck, the CVSS score is 4.8, and a fix would be to use XercesJ 2.12.2.
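Because the fix is an upgrade of the bundled library, the practical check on an existing EM host is to inventory which Xerces-J jars are present and whether each is below 2.12.2. The script below is an added example for this article, not Broadcom or APM code; it assumes Xerces ships as a jar whose `META-INF/MANIFEST.MF` carries an `Implementation-Version` header (as Maven-built xercesImpl jars normally do) and takes the install root to scan as a command-line argument. The jars built by `demo()` are constructed in a temporary directory purely to show the output offline.

```python
"""Inventory Xerces-J jars under a directory and flag versions below the fixed release.

Added example for this advisory (not Broadcom/APM code). Assumptions: the library is a
jar whose MANIFEST.MF has an Implementation-Version header; the EM install root is
passed as argv[1]. The sample jars in demo() are constructed for demonstration.
"""
import os
import re
import sys
import tempfile
import zipfile

FIXED_VERSION = (2, 12, 2)  # XercesJ release cited by the advisory as the fix
JAR_NAME_RE = re.compile(r"xerces.*\.jar$", re.IGNORECASE)


def parse_version(text):
    """Turn '2.12.1' (or 'Xerces-J 2.12.1') into a comparable tuple of ints, or None."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def manifest_version(jar_path):
    """Read Implementation-Version from the jar's MANIFEST.MF; None if absent."""
    with zipfile.ZipFile(jar_path) as zf:
        try:
            raw = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        except KeyError:
            return None
    for line in raw.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "implementation-version":
            return value.strip()
    return None


def scan(root):
    """Return a sorted list of (path, version_string, vulnerable) for each Xerces jar."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not JAR_NAME_RE.search(name):
                continue
            path = os.path.join(dirpath, name)
            ver = manifest_version(path)
            parsed = parse_version(ver or "")
            # An unreadable/missing version is reported as vulnerable so it gets reviewed.
            vulnerable = parsed is None or parsed < FIXED_VERSION
            findings.append((path, ver, vulnerable))
    return sorted(findings)


def build_sample_jar(path, version):
    """Write a constructed jar containing only a manifest (demonstration data)."""
    manifest = ("Manifest-Version: 1.0\r\n"
                "Implementation-Title: org.apache.xerces\r\n"
                f"Implementation-Version: {version}\r\n\r\n")
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)


def demo():
    """Build one vulnerable and one fixed sample jar, scan them, return {jar name: flagged}."""
    root = tempfile.mkdtemp(prefix="xerces-scan-")
    os.makedirs(os.path.join(root, "lib", "thirdparty"))
    build_sample_jar(os.path.join(root, "lib", "xercesImpl-2.12.1.jar"), "2.12.1")
    build_sample_jar(os.path.join(root, "lib", "thirdparty", "xercesImpl-2.12.2.jar"), "2.12.2")
    return {os.path.basename(p): flagged for p, _, flagged in scan(root)}


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    results = scan(target) if target else [(k, None, v) for k, v in demo().items()]
    for path, ver, flagged in results:
        status = "BELOW 2.12.2 - review" if flagged else "ok"
        print(f"{path}\t{ver or 'unknown'}\t{status}")
```

Run it with the EM installation directory as the only argument to list every Xerces jar found and whether it predates the fixed release; without an argument it scans the two constructed sample jars. Jars with no readable manifest version are reported as flagged rather than silently skipped, since an unknown version is the case most worth a manual look.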

Environment

APM 10.7

Cause

Defect DE526707

Resolution

To be fixed in APM 10.8

Additional Information

https://knowledge.broadcom.com/external/article/105898/apm-107-hotfixes.html