Home > Vulnerability Database > CVE-2023-44483

Mend.io Vulnerability Database

CVE-2023-44483

Good to know:

Date: October 20, 2023

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.

Language: Java

Severity Score

6.5

Related Resources (6)

Url: https://github.com/apache/santuario-java

Url: https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55

Url: https://santuario.apache.org/secadv.data/CVE-2023-44483.txt.asc?version=1&modificationDate=1697782758000&api=v2

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-44483

Url: http://www.openwall.com/lists/oss-security/2023/10/20/5

Url: https://www.mend.io/vulnerability-database/CVE-2023-44483

Severity Score

6.5

Weakness Type (CWE)

Information Exposure Through Log Files

CWE-532

Top Fix

Upgrade Version

Upgrade to version org.apache.santuario:xmlsec:2.2.6,2.3.4,3.0.3

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-44483

Good to know:

Date: October 20, 2023

Language: Java

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?