This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Redhat First view 2020-09-17
Product Xerces Last view 2020-09-17
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:redhat:xerces:*:*:*:*:*:*:*:* 1
cpe:2.3:a:redhat:xerces:2.12.0:sp1:*:*:*:*:*:* 1
cpe:2.3:a:redhat:xerces:2.12.0:sp2:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
5.3 2020-09-17 CVE-2020-14338

A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3.

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-20 Improper Input Validation