Vulnerability CVE-2022-34305 - CERT Civis.Net

Vulnerability Name:

CVE-2022-34305 (CCN-229596)

Assigned:

2022-06-23

Published:

2022-06-23

Updated:

2022-10-26

Summary:

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.

CVSS v3 Severity:

6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

6.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)
6.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Cross-Site Scripting

References:

Source: MITRE
Type: CNA
CVE-2022-34305

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20220623 CVE-2022-34305: Apache Tomcat: XSS in examples web application

Source: XF
Type: UNKNOWN
apache-cve202234305-xss(229596)

Source: CONFIRM
Type: Mailing List, Release Notes, Third Party Advisory
N/A

Source: CCN
Type: oss-sec Mailing List, Thu, 23 Jun 2022 11:23:39 +0100
CVE-2022-34305: Apache Tomcat: XSS in examples web application

Source: GENTOO
Type: Third Party Advisory
GLSA-202208-34

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20220729-0006/

Source: CCN
Type: Apache Web site
Apache Tomcat - Welcome!

Source: CCN
Type: IBM Security Bulletin 6603987 (App Connect Professional)
The CVE-2022-34305 vulnerability in Apache Tomcat affects App Connect Professional.

Source: CCN
Type: IBM Security Bulletin 6610084 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Log4j 1.x

Source: CCN
Type: IBM Security Bulletin 6829145 (Watson Speech Services Cartridge for Cloud Pak for Data)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in Apache Tomcat (CVE-2022-34305)

Source: CCN
Type: IBM Security Bulletin 6849107 (UrbanCode Build)
IBM UrbanCode Build is affected by CVE-2022-34305

Source: CCN
Type: IBM Security Bulletin 6854325 (Sterling Partner Engagement Manager)
IBM Sterling Partner Engagement Manager is vulnerable to cross-site scripting due to Apache Tomcat (CVE-2022-34305)

Source: CCN
Type: IBM Security Bulletin 6856713 (UrbanCode Release)
IBM UrbanCode Release is affected by CVE-2022-34305

Vulnerable Configuration:

Configuration 1:

cpe:/a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:*:*:*:*:*:*:*:* (Version >= 9.0.30 and <= 9.0.64)

OR cpe:/a:apache:tomcat:*:*:*:*:*:*:*:* (Version >= 8.5.50 and <= 8.5.81)

OR cpe:/a:apache:tomcat:*:*:*:*:*:*:*:* (Version >= 10.0.0 and <= 10.0.22)

Configuration CCN 1:

cpe:/a:apache:tomcat:8.5.50:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.30:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.0.0:m1:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.0.22:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.64:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.5.81:*:*:*:*:*:*:*

AND

cpe:/a:ibm:app_connect:7.5.2.0:*:*:*:professional:*:*:*

OR cpe:/a:ibm:app_connect:7.5.3.0:*:*:*:professional:*:*:*

OR cpe:/a:ibm:urbancode_build:6.1.4.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_partner_engagement_manager:6.1:*:*:*:*:*:*:*

Denotes that component is vulnerable