CVE-2022-23181
Local privilege escalation with FileStore
Severity Score
7.0
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.
Una corrección del bug CVE-2020-9484 introdujo una vulnerabilidad de tiempo de comprobación, tiempo de uso en Apache Tomcat versiones 10.1.0-M1 a 10.1.0-M8, versiones 10.0.0-M5 a 10.0.14, versiones 9.0.35 a 9.0.56 y versiones 8.5.55 a 8.5.73, que permitía a un atacante local llevar a cabo acciones con los privilegios del usuario que está usando el proceso Tomcat. Este problema sólo es explotable cuando Tomcat está configurado para persistir sesiones usando el FileStore
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-01-12 CVE Reserved
- 2022-01-27 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20220217-0010 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuapr2022.html | 2022-11-07 | |
| https://www.oracle.com/security-alerts/cpujul2022.html | 2022-11-07 |
| URL | Date | SRC |
|---|---|---|
| https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9 | 2022-11-07 | |
| https://www.debian.org/security/2022/dsa-5265 | 2022-11-07 | |
| https://access.redhat.com/security/cve/CVE-2022-23181 | 2023-02-06 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2047417 | 2023-02-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | >= 8.5.55 <= 8.5.73 Search vendor "Apache" for product "Tomcat" and version " >= 8.5.55 <= 8.5.73" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | >= 9.0.35 <= 9.0.56 Search vendor "Apache" for product "Tomcat" and version " >= 9.0.35 <= 9.0.56" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | >= 10.0.1 <= 10.0.14 Search vendor "Apache" for product "Tomcat" and version " >= 10.0.1 <= 10.0.14" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.0.0 Search vendor "Apache" for product "Tomcat" and version "10.0.0" | milestone10 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.0.0 Search vendor "Apache" for product "Tomcat" and version "10.0.0" | milestone5 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.0.0 Search vendor "Apache" for product "Tomcat" and version "10.0.0" | milestone6 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.0.0 Search vendor "Apache" for product "Tomcat" and version "10.0.0" | milestone7 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.0.0 Search vendor "Apache" for product "Tomcat" and version "10.0.0" | milestone8 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.0.0 Search vendor "Apache" for product "Tomcat" and version "10.0.0" | milestone9 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.1.0 Search vendor "Apache" for product "Tomcat" and version "10.1.0" | milestone1 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.1.0 Search vendor "Apache" for product "Tomcat" and version "10.1.0" | milestone2 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.1.0 Search vendor "Apache" for product "Tomcat" and version "10.1.0" | milestone3 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.1.0 Search vendor "Apache" for product "Tomcat" and version "10.1.0" | milestone4 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.1.0 Search vendor "Apache" for product "Tomcat" and version "10.1.0" | milestone5 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.1.0 Search vendor "Apache" for product "Tomcat" and version "10.1.0" | milestone6 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.1.0 Search vendor "Apache" for product "Tomcat" and version "10.1.0" | milestone7 |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.1.0 Search vendor "Apache" for product "Tomcat" and version "10.1.0" | milestone8 |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Agile Engineering Data Management Search vendor "Oracle" for product "Agile Engineering Data Management" | 6.2.1.0 Search vendor "Oracle" for product "Agile Engineering Data Management" and version "6.2.1.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Policy Search vendor "Oracle" for product "Communications Cloud Native Core Policy" | 1.15.0 Search vendor "Oracle" for product "Communications Cloud Native Core Policy" and version "1.15.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Financial Services Crime And Compliance Management Studio Search vendor "Oracle" for product "Financial Services Crime And Compliance Management Studio" | 8.0.8.2.0 Search vendor "Oracle" for product "Financial Services Crime And Compliance Management Studio" and version "8.0.8.2.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Financial Services Crime And Compliance Management Studio Search vendor "Oracle" for product "Financial Services Crime And Compliance Management Studio" | 8.0.8.3.0 Search vendor "Oracle" for product "Financial Services Crime And Compliance Management Studio" and version "8.0.8.3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Managed File Transfer Search vendor "Oracle" for product "Managed File Transfer" | 12.2.1.3.0 Search vendor "Oracle" for product "Managed File Transfer" and version "12.2.1.3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Managed File Transfer Search vendor "Oracle" for product "Managed File Transfer" | 12.2.1.4.0 Search vendor "Oracle" for product "Managed File Transfer" and version "12.2.1.4.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Enterprise Monitor Search vendor "Oracle" for product "Mysql Enterprise Monitor" | <= 8.0.29 Search vendor "Oracle" for product "Mysql Enterprise Monitor" and version " <= 8.0.29" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||