Apache Xalan Java XSLT library integer truncation vulnerability (CVE-2022-34169) (4371508)

Chatee ahora con Soporte

Regresar

Comentarios enviados

¿Este artículo solucionó su problema?

Seleccionar calificación

Título

Apache Xalan Java XSLT library integer truncation vulnerability (CVE-2022-34169)
Descripción

A security scan identified the following vulnerability for Apache Xalan Java XSLT library in the Foglight installation:

CVE-2022-34169
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
Causa

The file flagged with this vulnerability is:

[FMS_HOME]/server/core/xalan.jar

This file does contain Apache Xalan Java XSLT library version 2.7.2, which is referenced in the vulnerability report for CVE-2022-34169 .
Resolución

Foglight has removed this dependency in Foglight version 6.3.0 already available for download from the Support Portal .

Comentarios enviados

¿Este artículo solucionó su problema?

Seleccionar calificación

Contenido recomendado

Producto(s):: Foglight
6.1.0, 6.0.0, 5.9.8, 5.9.7; Foglight Evolve
6.1.0, 6.0.0, 9.3; Foglight for Databases
6.1.0, 6.0.0, 5.9.7

Historial del artículo:: Creado el: 5/19/2023
Última actualización: 5/19/2023

Título