Vulnerability Name:

CVE-2022-23181 (CCN-218221)

Assigned:2022-01-26
Published:2022-01-26
Updated:2022-11-07
Summary:The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.
CVSS v3 Severity:7.0 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.0 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:3.7 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.0 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-367
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2022-23181

Source: XF
Type: UNKNOWN
apache-cve202223181-priv-esc(218221)

Source: MISC
Type: Mailing List, Mitigation, Vendor Advisory
https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20221026 [SECURITY] [DLA 3160-1] tomcat9 security update

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20220217-0010/

Source: CCN
Type: Apache Web site
CVE-2022-23181

Source: DEBIAN
Type: Third Party Advisory
DSA-5265

Source: CCN
Type: IBM Security Bulletin 6566469 (UrbanCode Build)
IBM UrbanCode Build is affected by CVE-2022-23181

Source: CCN
Type: IBM Security Bulletin 6570915 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities including a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6573017 (Watson Speech Services Cartridge for Cloud Pak for Data)
A vulnerability in Apache Tomcat affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data

Source: CCN
Type: IBM Security Bulletin 6574785 (Process Mining)
Vulnerability in Apache Tomcat affects IBM Process Mining (CVE-2022-23181)

Source: CCN
Type: IBM Security Bulletin 6575481 (Watson Speech Services Cartridge for Cloud Pak for Data)
Vulnerabilities in Apache Tomcat affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2022-23181)

Source: CCN
Type: IBM Security Bulletin 6598701 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Tomcat

Source: CCN
Type: IBM Security Bulletin 6605015 (UrbanCode Release)
IBM UrbanCode Release is vulnerable to elevated privileges due to use of Apache Tomcat CVE-2022-23181

Source: CCN
Type: IBM Security Bulletin 6606987 (Cloud Pak for Security)
IBM Cloud Pak for Security is vulnerable to Using Components with Known Vulnerabilities

Source: CCN
Type: Mend Vulnerability Database
CVE-2022-23181

Source: CCN
Type: Oracle CPUApr2022
Oracle Critical Patch Update Advisory - April 2022

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Source: CCN
Type: Oracle CPUJul2022
Oracle Critical Patch Update Advisory - July 2022

Source: N/A
Type: Patch, Third Party Advisory
N/A

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:10.0.0:milestone8:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:10.0.0:milestone9:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:10.0.0:milestone10:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:*:*:*:*:*:*:*:* (Version >= 8.5.55 and <= 8.5.73)
  • OR cpe:/a:apache:tomcat:*:*:*:*:*:*:*:* (Version >= 9.0.35 and <= 9.0.56)
  • OR cpe:/a:apache:tomcat:*:*:*:*:*:*:*:* (Version >= 10.0.1 and <= 10.0.14)
  • OR cpe:/a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* (Version <= 8.0.29)
  • OR cpe:/a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:apache:tomcat:8.5.55:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.5.73:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:3544
    P
    		libFLAC++6-1.3.0-11.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:95174
    P
    		tomcat-9.0.36-150200.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:119033
    P
    		Security update for tomcat (Important)
    2022-03-14
    oval:org.opensuse.security:def:94064
    P
    		 (Important)
    2022-03-14
    oval:org.opensuse.security:def:100097
    P
    		 (Important)
    2022-03-14
    oval:org.opensuse.security:def:1724
    P
    		Security update for tomcat (Important)
    2022-03-14
    oval:org.opensuse.security:def:119338
    P
    		Security update for tomcat (Important)
    2022-03-14
    oval:org.opensuse.security:def:94278
    P
    		 (Important)
    2022-03-14
    oval:org.opensuse.security:def:100435
    P
    		 (Important)
    2022-03-14
    oval:org.opensuse.security:def:119521
    P
    		Security update for tomcat (Important)
    2022-03-14
    oval:org.opensuse.security:def:94485
    P
    		 (Important)
    2022-03-14
    oval:org.opensuse.security:def:100769
    P
    		 (Important)
    2022-03-14
    oval:org.opensuse.security:def:118843
    P
    		Security update for tomcat (Important)
    2022-03-14
    oval:org.opensuse.security:def:93852
    P
    		 (Important)
    2022-03-14
    oval:org.opensuse.security:def:119706
    P
    		Security update for tomcat (Important)
    2022-03-14
    oval:org.opensuse.security:def:102282
    P
    		Security update for tomcat (Important)
    2022-03-14
    oval:org.opensuse.security:def:125815
    P
    		Security update for tomcat (Important)
    2022-03-09
    oval:org.opensuse.security:def:5363
    P
    		Security update for tomcat (Important)
    2022-03-09
    oval:org.opensuse.security:def:126978
    P
    		Security update for tomcat (Important)
    2022-03-09
    oval:org.opensuse.security:def:6187
    P
    		Security update for tomcat (Important)
    2022-03-09
    oval:org.opensuse.security:def:127376
    P
    		Security update for tomcat (Important)
    2022-03-09
    BACK
    apache tomcat 10.0.0 milestone5
    apache tomcat 10.0.0 milestone6
    apache tomcat 10.0.0 milestone7
    apache tomcat 10.0.0 milestone8
    apache tomcat 10.0.0 milestone9
    apache tomcat 10.0.0 milestone10
    apache tomcat 10.1.0 milestone3
    apache tomcat 10.1.0 milestone4
    apache tomcat 10.1.0 milestone5
    apache tomcat *
    apache tomcat *
    apache tomcat *
    apache tomcat 10.1.0 milestone1
    apache tomcat 10.1.0 milestone2
    apache tomcat 10.1.0 milestone6
    apache tomcat 10.1.0 milestone7
    apache tomcat 10.1.0 milestone8
    oracle managed file transfer 12.2.1.3.0
    oracle agile engineering data management 6.2.1.0
    oracle managed file transfer 12.2.1.4.0
    oracle mysql enterprise monitor *
    oracle communications cloud native core policy 1.15.0
    oracle financial services crime and compliance management studio 8.0.8.2.0
    oracle financial services crime and compliance management studio 8.0.8.3.0
    debian debian linux 10.0
    debian debian linux 11.0
    apache tomcat 8.5.55
    apache tomcat 8.5.73