The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.

The version of IBM Engineering Requirements Management DOORS (formerly IBM Rational DOORS) installed on the remote host is 9.7.2.x prior to 9.7.2.8. It is, therefore, affected by multiple vulnerabilities as referenced in the 7124058 advisory.

  - Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet     containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly     vulnerable to an authorization bypass. (CVE-2022-32532)

  - The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow     a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary     shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client     or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade     both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
    (CVE-2023-46604)

  - Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be     exploited. There is only a risk in conjunction with Java object deserialization within an application. In     such situations, it allows attackers to erase contents of arbitrary files, make network connections, or     possibly run arbitrary code (specifically, Function0 functions) via a gadget chain. (CVE-2022-36944)

  - IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which     could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the     website trusts. IBM X-Force ID: 251216. (CVE-2023-28949)

  - A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows     remote attackers to inject arbitrary web script through a crafted protected comment (with the     cke_protected syntax). (CVE-2020-9281)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of Oracle Business Intelligence Enterprise Edition (OBIEE) installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory.

  - A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity     vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different     classes. (CVE-2019-10172)

  - An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The     OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing     incorrect passwords to indicate they were matching with previously hashed ones that were different.
    (CVE-2020-28052)

  - The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user     from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects     XMLBeans up to and including v2.6.0. (CVE-2021-23926)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3876-1 advisory.

  - The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user     from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects     XMLBeans up to and including v2.6.0. (CVE-2021-23926)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3875-1 advisory.

  - The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user     from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects     XMLBeans up to and including v2.6.0. (CVE-2021-23926)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The XML parsers used by XMLBeans did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include the possibility for XML Entity Expansion attacks which could lead to a denial of service. This update implements sensible defaults for the XML parsers to prevent these kind of attacks.

For Debian 9 stretch, this problem has been fixed in version 2.6.0+dfsg-1+deb9u1.

We recommend that you upgrade your xmlbeans packages.

For the detailed security status of xmlbeans please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/xmlbeans

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
191754	IBM Engineering Requirements Management DOORS 9.7.2.x < 9.7.2.8 Multiple Vulnerabilities (7124058)	Nessus	Windows	critical
174742	Oracle Business Intelligence Enterprise Edition (Apr 2023 CPU)	Nessus	Misc.	critical
167038	SUSE SLED12 / SLES12 Security Update : xmlbeans (SUSE-SU-2022:3876-1)	Nessus	SuSE Local Security Checks	critical
167035	SUSE SLED15 / SLES15 Security Update : xmlbeans (SUSE-SU-2022:3875-1)	Nessus	SuSE Local Security Checks	critical
151111	Debian DLA-2693-1 : xmlbeans security update	Nessus	Debian Local Security Checks	critical

Detections

Analytics

CVE-2021-23926

critical

Tenable Plugins

critical

critical

critical

critical

critical