CVE-2022-45143 - Improper Input Validation

Severity: None

2023-02-17


Abstract

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user-provided data, and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

The Oxygen products incorporate Apache Tomcat as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

Product | Severity | Fixed Release Availability
Oxygen Feedback v2.1.4 and older | None | Oxygen Feedback 3.0 build 2023031610

Mitigation

None

Detail

CVE-2022-45143

Severity: High

CVSS Score: 7.5

The Apache Tomcat third-party library used by Oxygen XML products is one of the affected versions mentioned in the CVE-2022-45143 vulnerability description. However, the Oxygen products do not call the affected code. For that reason, Oxygen XML products are not affected.
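One way to run the same two-part check on a Tomcat installation of your own: is the version inside the ranges listed in the abstract, and is the JSON error report valve enabled at all. This is an added example, not code from Oxygen or Apache Tomcat; the function names and the sample server.xml are constructed for illustration. It assumes the valve is enabled through server.xml (the Host `errorReportValveClass` attribute or a nested `Valve` element), so a valve set programmatically in embedded Tomcat is not covered.

```python
import re
import xml.etree.ElementTree as ET

VALVE = "org.apache.catalina.valves.JsonErrorReportValve"
# Affected ranges as stated in the advisory abstract (inclusive on both ends).
AFFECTED = [("8.5.83", "8.5.83"), ("9.0.40", "9.0.68"), ("10.1.0-M1", "10.1.1")]

# Constructed sample configuration, not taken from any real deployment.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps"
      errorReportValveClass="org.apache.catalina.valves.JsonErrorReportValve"/>
</Engine></Service></Server>"""

def version_key(version):
    """Sortable key; milestone builds (-M1) sort before the final release."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch),
            0 if milestone else 1, int(milestone or 0))

def version_affected(version):
    key = version_key(version)
    return any(version_key(lo) <= key <= version_key(hi) for lo, hi in AFFECTED)

def valve_configured(server_xml_text):
    """True if any element in server.xml selects the JSON error report valve."""
    root = ET.fromstring(server_xml_text)
    for el in root.iter():
        if el.get("errorReportValveClass") == VALVE:
            return True
        if el.tag == "Valve" and el.get("className") == VALVE:
            return True
    return False

def exposure(version, server_xml_text):
    """Combine both checks into one verdict string."""
    if not version_affected(version):
        return "not affected: version outside the listed ranges"
    if valve_configured(server_xml_text):
        return "exposed: affected version with JsonErrorReportValve enabled"
    return "affected version, valve not configured"

if __name__ == "__main__":
    print(exposure("9.0.68", SAMPLE_SERVER_XML))
```
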

Revision History

2023-03-28 Starting with Oxygen Feedback version 3.0 build 2023031610, Apache Tomcat was updated to version 9.0.71, which includes a fix for CVE-2022-45143.
