Vulnerability Details : CVE-2022-36537

Public exploit exists!
Used for ransomware!
ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.
Published 2022-08-26 20:15:08
Updated 2025-01-29 16:15:30
Source MITRE
View at NVD,   CVE.org

Products affected by CVE-2022-36537

CVE-2022-36537 is in the CISA Known Exploited Vulnerabilities Catalog

This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
ZK Framework AuUploader Unspecified Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to ConnectWis
Notes:
https://tracker.zkoss.org/browse/ZK-5150; https://nvd.nist.gov/vuln/detail/CVE-2022-36537
Added on 2023-02-27 Action due date 2023-03-20

Exploit prediction scoring system (EPSS) score for CVE-2022-36537

EPSS FAQ
93.06%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-36537

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.5
 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.9
3.6
 134c704f-9b21-4f2e-91b3-4a467353bcc0 2025-01-29
7.5
 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.9
3.6
 NIST

References for CVE-2022-36537

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close