vulnerability
Red Hat JBoss EAP: CVE-2023-44483: Insertion of Sensitive Information into Log File
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:C/I:N/A:N) | Oct 20, 2023 | Sep 19, 2024 | Jul 2, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:C/I:N/A:N)
Published
Oct 20, 2023
Added
Sep 19, 2024
Modified
Jul 2, 2025
Description
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-532
- CVE-2023-44483
- https://attackerkb.com/topics/CVE-2023-44483
- URL-https://access.redhat.com/security/cve/CVE-2023-44483
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=2246070
- URL-http://www.openwall.com/lists/oss-security/2023/10/20/5
- URL-https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
- URL-https://access.redhat.com/errata/RHSA-2024:0710
- URL-https://access.redhat.com/errata/RHSA-2024:0711
- URL-https://access.redhat.com/errata/RHSA-2024:0712
- URL-https://access.redhat.com/errata/RHSA-2024:0714
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.