Apache Tomcat Vulnerability CVE-2022-23181

Issue date: 21-09-2022
Affects versions: 15.1, 14.7, 13.4

Security Issue ID

SECURITY-304

Affected Product Version(s)

15.1.0, 14.7.8, 13.4.18, and all previous versions

Severity

Medium

Description

CVE-2022-23181

Apache Tomcat versions 8.5.55 through 8.5.73, 9.0.35 through 9.0.56, 10.0.0-M5 through 10.0.14, and 10.1.0-M1 through 10.1.0-M8 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using.

The problem has been recognized and patched.

Instructions

Customers are recommended to upgrade to the latest version. As of the time of writing, 15.1.1, 14.7.9 or 13.4.19

Content Application

Channels

Projects

Relevance

Architecture

Concepts

Platform Configuration

Frontend Integration

Backend Development

Commerce Accelerator

Cloud Deployment (PaaS)

On-Premise Deployment

Security

Release Management

Platform Development

Bloomreach Documentation version

Apache Tomcat Vulnerability CVE-2022-23181