Vulnerability Details : CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.
Products affected by CVE-2022-23181
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.0.0:milestone8:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.0.0:milestone9:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.0.0:milestone10:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*
Threat overview for CVE-2022-23181
Top countries where our scanners detected CVE-2022-23181
Top open port discovered on systems with this issue
80
IPs affected by CVE-2022-23181 240,598
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2022-23181!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2022-23181
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 8 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-23181
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.7
|
LOW | AV:L/AC:H/Au:N/C:P/I:P/A:P |
1.9
|
6.4
|
NIST | |
7.0
|
HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
NIST |
CWE ids for CVE-2022-23181
-
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.Assigned by:
- nvd@nist.gov (Secondary)
- security@apache.org (Primary)
References for CVE-2022-23181
-
https://www.oracle.com/security-alerts/cpuapr2022.html
Oracle Critical Patch Update Advisory - April 2022Patch;Third Party Advisory
-
https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9
[SECURITY] CVE-2022-23181 Apache Tomcat Local Privilege Escalation-Apache Mail ArchivesMailing List;Mitigation;Vendor Advisory
-
https://www.debian.org/security/2022/dsa-5265
Debian -- Security Information -- DSA-5265-1 tomcat9Third Party Advisory
-
https://www.oracle.com/security-alerts/cpujul2022.html
Oracle Critical Patch Update Advisory - July 2022Patch;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20220217-0010/
CVE-2022-23181 Apache Tomcat Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
[SECURITY] [DLA 3160-1] tomcat9 security updateMailing List;Third Party Advisory
Jump to