VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-8mkv-tade-aaam

Essentials
Severities (110)
References (23)
Severity details (20)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-8mkv-tade-aaam
Aliases	CVE-2023-44483 GHSA-xfrj-6vvc-3xm2
Summary	Apache Santuario - XML Security for Java are vulnerable to private key disclosure
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-532	Insertion of Sensitive Information into Log File
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:0798
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:0798
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:0799
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:0799
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:0800
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:0800
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:0801
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:0801
cvssv3.1	5.3	https://access.redhat.com/errata/RHSA-2024:0804
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:0804
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44483.json
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00102	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
epss	0.01229	https://api.first.org/data/v1/epss?cve=CVE-2023-44483
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-xfrj-6vvc-3xm2
cvssv3.1	6.5	https://github.com/apache/santuario-java
generic_textual	MODERATE	https://github.com/apache/santuario-java
cvssv3.1	6.5	https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
generic_textual	MODERATE	https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
cvssv3	6.5	https://nvd.nist.gov/vuln/detail/CVE-2023-44483
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2023-44483
cvssv3.1	6.5	http://www.openwall.com/lists/oss-security/2023/10/20/5
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2023/10/20/5

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44483.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-44483
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44483
		https://github.com/apache/santuario-java
		https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
		http://www.openwall.com/lists/oss-security/2023/10/20/5
1059313		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059313
2246070		https://bugzilla.redhat.com/show_bug.cgi?id=2246070
cpe:2.3:a:apache:santuario_xml_security_for_java::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:santuario_xml_security_for_java::::::::
CVE-2023-44483		https://nvd.nist.gov/vuln/detail/CVE-2023-44483
CVE-2023-44483.TXT.ASC?VERSION=1&MODIFICATIONDATE=1697782758000&API=V2		https://santuario.apache.org/secadv.data/CVE-2023-44483.txt.asc?version=1&modificationDate=1697782758000&api=v2
GHSA-xfrj-6vvc-3xm2		https://github.com/advisories/GHSA-xfrj-6vvc-3xm2
RHSA-2024:0710		https://access.redhat.com/errata/RHSA-2024:0710
RHSA-2024:0711		https://access.redhat.com/errata/RHSA-2024:0711
RHSA-2024:0712		https://access.redhat.com/errata/RHSA-2024:0712
RHSA-2024:0714		https://access.redhat.com/errata/RHSA-2024:0714
RHSA-2024:0789		https://access.redhat.com/errata/RHSA-2024:0789
RHSA-2024:0798		https://access.redhat.com/errata/RHSA-2024:0798
RHSA-2024:0799		https://access.redhat.com/errata/RHSA-2024:0799
RHSA-2024:0800		https://access.redhat.com/errata/RHSA-2024:0800
RHSA-2024:0801		https://access.redhat.com/errata/RHSA-2024:0801
RHSA-2024:0804		https://access.redhat.com/errata/RHSA-2024:0804
RHSA-2024:3708		https://access.redhat.com/errata/RHSA-2024:3708

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0798

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/ Found at https://access.redhat.com/errata/RHSA-2024:0798

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0799

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/ Found at https://access.redhat.com/errata/RHSA-2024:0799

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0800

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/ Found at https://access.redhat.com/errata/RHSA-2024:0800

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0801

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/ Found at https://access.redhat.com/errata/RHSA-2024:0801

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0804

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/ Found at https://access.redhat.com/errata/RHSA-2024:0804

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44483.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/santuario-java

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-44483

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-44483

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2023/10/20/5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.27764
EPSS Score	0.00094
Published At	April 15, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.