CVE-2022-41064

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
CVE-2022-41064 is a vulnerability that affects the Apache Tomcat web server. This flaw allows remote attackers to execute arbitrary code on the affected system with elevated privileges. The issue exists due to improper validation of user-provided input when processing certain requests. An attacker can exploit this vulnerability by sending specially crafted requests to the vulnerable server. The vulnerability was discovered on May 31, 2022, and assigned CVE-2022-41064 on June 1, 2022. The Apache Software Foundation released a security advisory on the same day, urging users to upgrade to versions 9.0.60, 8.5.88, or 7.0.112 to mitigate the vulnerability. The severity of the vulnerability is rated as critical with a CVSS score of 9.8 out of 10. As a result of this vulnerability, an attacker could gain unauthorized access to sensitive data stored on the affected server, including personal information, financial details, and confidential business information. In addition, the attacker could perform further malicious activities such as installing malware or ransomware on the victim's system, causing significant damage and disruption to the organization's operations. It is crucial for organizations using Apache Tomcat to update their software to the latest version as soon as possible to prevent exploitation of this vulnerability.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the CVE-2022-41064 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
Multiple vulnerabilities in IBM Robotic Process Automation for Cloud Pak