Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2022-23181 | First vendor Publication | 2022-01-27 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 7 | ||
| Base Score | 7 | Environmental Score | 7 |
| impact SubScore | 5.9 | Temporal Score | 7 |
| Exploitabality Sub Score | 1 | ||
| Attack Vector | Local | Attack Complexity | High |
| Privileges Required | Low | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:H/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 3.7 | Attack Range | Local |
| Cvss Impact Score | 6.4 | Attack Complexity | High |
| Cvss Expoit Score | 1.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23181 |
CPE : Common Platform Enumeration
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 14:07:08 |
|
| 2023-12-09 13:20:16 |
|
| 2023-06-29 02:16:33 |
|
| 2023-01-10 13:07:46 |
|
| 2022-11-07 21:27:33 |
|
| 2022-10-30 09:27:40 |
|
| 2022-10-26 21:27:38 |
|
| 2022-07-30 09:27:37 |
|
| 2022-07-26 00:29:39 |
|
| 2022-04-20 09:23:08 |
|
| 2022-04-15 21:23:14 |
|
| 2022-03-05 00:23:10 |
|
| 2022-02-17 21:23:05 |
|
| 2022-02-02 21:22:55 |
|
| 2022-01-27 17:22:55 |
|
