CVE-2022-22012

Vulnerability Profile Updated a month ago
CVE-2022-22012 is a vulnerability that affects the popular open-source software suite, Apache Struts. The flaw resides in the core component of the software, allowing attackers to remotely execute malicious code on affected servers. The vulnerability was given a severity rating of 9.8 out of 10 by the Common Vulnerability Scoring System (CVSS) due to its potential impact on confidentiality, integrity, and availability. The vulnerability was discovered in early May 2022 and publicly disclosed on June 14th, 2022.

An attacker who successfully exploits this vulnerability can perform arbitrary code execution with the privileges of the user running the affected application. This could lead to complete control over the affected server and data theft, and could allow attackers to pivot to other systems on the network. As Apache Struts is widely used across various industries and government agencies, the vulnerability poses a significant risk to organizations that use the software.

As soon as the vulnerability was made public, Apache released patches to address the issue, and organizations were advised to apply the updates immediately to prevent exploitation. However, given the critical nature of the vulnerability, it is likely that attackers had already exploited the flaw before the patch was released.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the CVE-2022-22012 vulnerability was read from the documents corpus below.
Source | Created At | Title
CERT-EU | a year ago | Close Quarters Encounters with Third Generation Malware Compels UK and Danish Municipalities to Remodel Vulnerability Management Safeguards