A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3.
Metrics
No CVSS v4.0
Attack Vector Network
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact None
Integrity Impact Low
Availability Impact None
User Interaction None
No CVSS v3.0
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
AV:N/AC:L/Au:N/C:N/I:P/A:N
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Redhat |
|
Configuration 1 [-]
|
Package | CPE | Advisory | Released Date |
---|---|---|---|
EAP 7.3.3 | |||
xercesimpl | cpe:/a:redhat:jboss_enterprise_application_platform:7.3 | RHSA-2020:4247 | 2020-10-13T00:00:00Z |
Red Hat Fuse 7.9 | |||
xercesimpl | cpe:/a:redhat:jboss_fuse:7 | RHSA-2021:3140 | 2021-08-11T00:00:00Z |
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6 | |||
eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:4244 | 2020-10-13T00:00:00Z |
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7 | |||
eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:4246 | 2020-10-13T00:00:00Z |
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8 | |||
eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:4245 | 2020-10-13T00:00:00Z |
Red Hat Single Sign-On 7.4.3 | |||
xercesimpl | cpe:/a:redhat:jboss_single_sign_on:7.4 | RHSA-2020:4931 | 2020-11-04T00:00:00Z |
RHDM 7.10.0 | |||
xercesimpl | cpe:/a:redhat:jboss_enterprise_brms_platform:7.10 | RHSA-2021:0603 | 2021-02-17T00:00:00Z |
RHPAM 7.10.0 | |||
xercesimpl | cpe:/a:redhat:jboss_enterprise_bpms_platform:7.10 | RHSA-2021:0600 | 2021-02-17T00:00:00Z |
Text-Only RHOAR | |||
cpe:/a:redhat:openshift_application_runtimes:1.0 | RHSA-2020:5361 | 2020-12-16T00:00:00Z |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2020-09-17T14:06:25
Updated: 2024-08-04T12:39:36.528Z
Reserved: 2020-06-17T00:00:00
Link: CVE-2020-14338
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-09-17T15:15:13.143
Modified: 2024-11-21T05:03:02.520
Link: CVE-2020-14338
Redhat