CVE-2022-45143 - Improper Input Validation

Severity: None2023-02-17

Security Advisories

Abstract

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

The Oxygen products incorporate Apache Tomcat as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen Feedback v2.1.4 and olderNone Oxygen Feedback 3.0 build 2023031610

Mitigation

None

Detail

CVE-2022-45143

Severity: High

CVSS Score: 7.5

The Apache Tomcat third-party library used by Oxygen XML products is an affected version mentioned in CVE-2022-45143 vulnerability description. However, the Oxygen products does not call the affected code. For that reason, Oxygen XML products are not affected.

Revision History

2023-03-28 Starting with Oxygen Feedback version 3.0 build 2023031610, the Apache Tomcat was updated to version 9.0.71, which includes a fix for CVE-2022-45143.

List of Security Advisories

Video Tutorials
Upcoming Events
conference
Declarative Amsterdam 2024

Products

Features

Shop

Resources

Support

Company

© 2002-2024 SyncRO Soft SRL. All rights reserved.

This website was created & generated with <oXygen/>®XML Editor