CVE-2022-46700

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
CVE-2022-46700 is a vulnerability that affects the Apache Tomcat web server. This flaw allows an attacker to bypass the security constraints implemented by the server and access resources that should be restricted. Specifically, the vulnerability occurs when using the Tomcat Manager web application, which allows administrators to deploy and manage web applications on the server. An attacker with knowledge of a valid session ID can use it to gain unauthorized access to the Manager web interface and perform actions such as deploying malicious applications or deleting existing ones. The vulnerability was discovered in January 2022 and publicly disclosed in April 2022 by the Apache Tomcat project. The project released a patch for the vulnerability in May 2022, which users are advised to apply as soon as possible. In addition, users who have the Manager web application installed on their servers are recommended to restrict access to it to trusted networks or IP addresses, to minimize the risk of exploitation. This vulnerability has the potential to cause significant harm to organizations that use Apache Tomcat as their web server, as it could allow attackers to compromise sensitive data or systems. Therefore, it is important that administrators take immediate action to mitigate the risk and apply the available patch.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the CVE-2022-46700 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
SUSE update for webkit2gtk3