The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
Published 2022-07-19 18:15:12
Updated 2024-01-17 15:15:10

Threat overview for CVE-2022-34169

Top open port discovered on systems with this issue: 80
IPs affected by CVE-2022-34169: 190
Threat actors abusing this issue? Yes

Exploit prediction scoring system (EPSS) score for CVE-2022-34169

Probability of exploitation activity in the next 30 days: 0.17%

Percentile, the proportion of vulnerabilities that are scored at or less: ~52%

CVSS scores for CVE-2022-34169

Base Score: 7.5
Base Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability Score: 3.9
Impact Score: 3.6
Score Source: NIST

CWE ids for CVE-2022-34169

  • When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
    Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-34169

Products affected by CVE-2022-34169
