CVE-2023-44483
Severity
6.5 MEDIUM
EPSS
0.2%
top 59.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 20
Latest update: Oct 15
Description
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6
Affected Packages: 3 packages
Vulnerability Details (4)
Vendor Advisories (9)
Oracle: Oracle Retail Applications Risk Matrix: Internal Operations (Apache Santuario XML Security For Java), CVE-2023-44483, 2025-10-15
Oracle: Oracle PeopleSoft Risk Matrix: Core (Apache Santuario XML Security For Java), CVE-2023-44483, 2025-07-15
Oracle: Oracle Financial Services Applications Risk Matrix: Reports (Apache Santuario XML Security For Java), CVE-2023-44483, 2025-01-15
Oracle: Oracle Enterprise Manager Risk Matrix: PSEM Plugin (Apache Santuario XML Security For Java), CVE-2023-44483, 2024-10-15
Oracle: Oracle Financial Services Applications Risk Matrix: Installer (Apache Santuario XML Security For Java), CVE-2023-44483, 2024-07-15