CVE-2022-23181

CVE information

Published: 2 years ago
Last Modified: 1 year ago
CVSSv2.0 Severity: Low
CVSSv3.1 Severity: High

Impact Analysis

Description

The fix for bug CVE-2020-9484 introduced a time-of-check, time-of-use (TOCTOU) vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.

CVSSv2.0 Score

Severity: Low
Base Score: 3.7/10
Exploit Score: 1.9/10
Access Vector: Local
Access Complexity: High
Authentication Required: None
Impact Score: 6.4/10
Confidentiality Impact: Partial
Availability Impact: Partial
Integrity Impact: Partial

CVSSv3.1 Score

Severity: High
Base Score: 7/10
Exploit Score: 1/10
Access Vector: Local
Access Complexity: High
Privileges Required: Low
Impact Score: 5.9/10
Confidentiality Impact: High
Availability Impact: High
Integrity Impact: High
Scope: Unchanged
User Interaction: None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:apache:tomcat:10.0.0:milestone8:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:apache:tomcat:10.0.0:milestone9:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:apache:tomcat:10.0.0:milestone10:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*  Yes  8.5.55 -
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*  Yes  9.0.35 -
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*  Yes  10.0.1 -
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:  Yes  - -
cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*  Yes  - -
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:  Yes  - -
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.1  Yes  - -
cpe:2.3:a:oracle:financial_services_crime_and_compliance_man  Yes  - -
cpe:2.3:a:oracle:financial_services_crime_and_compliance_man  Yes  - -
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*  Yes  - -
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*  Yes  - -