CVE-2022-29885 - Denial of Service (DoS)

Severity: High2022-10-13

Security Advisories

Abstract

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.

The Oxygen products incorporate Apache Tomcat as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen Content Fusion v4.1.6 and olderHigh Oxygen Content Fusion 5.0 build 2022052605
Oxygen XML Web Author v24.1 and olderHigh Oxygen XML Web Author 25.0 build 2022100711

Mitigation

None

Detail

CVE-2022-29885

Severity: High

CVSS Score: 7.5

The Apache Tomcat third-party library used by Oxygen XML products is an affected version mentioned in CVE-2022-29885 vulnerability description.

Starting with Oxygen Content Fusion v5.0 Apache Tomcat library was updated to a non-vulnerable version.

List of Security Advisories

Video Tutorials
Upcoming Events
conference
Declarative Amsterdam 2023

Products

Features

Shop

Resources

Support

Company

© 2002-2023 SyncRO Soft SRL. All rights reserved.

This website was created & generated with <oXygen/>®XML Editor