There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.
{
"unresolved_ranges": [
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:apache:xerces-j:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "2.12.1"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "6.2.1.0"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "9.3.6"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "7.3"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"fixed": "9.0"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"fixed": "9.0"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"fixed": "9.0"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "8.0.6.0.0"
},
{
"last_affected": "8.0.9.0"
},
{
"introduced": "8.1.0.0"
},
{
"fixed": "8.1.2.0"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "8.0.6.0.0"
},
{
"last_affected": "8.0.8.0"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "8.1.1.0"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "8.1.1.1"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "8.1.2.0"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "8.0.8.2.0"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "8.0.8.3.0"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.1:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "8.0.7.1"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2.0:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "8.0.7.2.0"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.0:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "8.0.8.0"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "8.0.8.1"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "8.1.1.0"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "8.1.1.1"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:flexcube_universal_banking:12.4.0:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "12.4.0"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"fixed": "13.9.4.2.2"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "13.9.4.2.2"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"fixed": "12.2.0.1.30"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "3.0.1"
},
{
"last_affected": "3.0.5"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.0.1:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "3.0.0.1"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:ilearning:6.2:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "6.2"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:ilearning:6.3:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "6.3"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "8.58"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "8.59"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "17.7"
},
{
"last_affected": "17.12.11"
},
{
"introduced": "18.8.0"
},
{
"last_affected": "18.8.14"
},
{
"introduced": "19.12.0"
},
{
"last_affected": "19.12.13"
},
{
"introduced": "20.12.0"
},
{
"last_affected": "20.12.8"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "3.6.1"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "16.0.3.0"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "13.2.8"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "14.1.3.2"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "15.0.3.1"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "16.0.3"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "19.0.1"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "14.1.3.2"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "15.0.3.1"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "16.0.3"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "19.0.1"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "16.0.3"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "19.0.1"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "14.1.3.2"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "15.0.3.1"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "16.0.3"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "19.0.1"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "12.2.1.3.0"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "12.2.1.4.0"
}
]
},
{
"source": "CPE_FIELD",
"cpe": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "14.1.1.0.0"
}
]
}
]
}{
"source": "CPE_FIELD",
"cpe": [
"cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "2.7"
},
{
"last_affected": "2.7.0"
}
]
}