EUVD-2022-1008

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Incorrect Default Permissions in Tomcat allows local escalation to root on specific SUSE versions.

Reporter	Title	Published	Views	Family All 30
IBM Security Bulletins	Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries	26 Mar 202503:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities	16 Jun 202221:33	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Tomcat Vulnerabilities Affect IBM Sterling B2B Integrator	29 Apr 202502:11	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator	6 Oct 202114:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2022-22345, CVE-2020-8022, CVE-2021-33813, CVE-2020-9488)	25 Apr 202214:25	–	ibm
CVE	CVE-2020-8022	29 Jun 202008:20	–	cve
Cvelist	CVE-2020-8022 User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of priviliges	29 Jun 202008:20	–	cvelist
Github Security Blog	Incorrect Default Permissions in Apache Tomcat	9 Feb 202223:01	–	github
NCSC	Vulnerabilities fixed in IBM QRadar	26 Apr 202200:00	–	ncsc
NVD	CVE-2020-8022	29 Jun 202009:15	–	nvd

[
  {
    "enisaIdVendor": [
      {
        "id": "2a18a046-abc7-34bf-a420-167ada3023a9",
        "vendor": {
          "name": "SUSE"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "13b6a56e-ed86-3d3d-a0a8-c7e8ab96d206",
        "product": {
          "name": "SUSE Linux Enterprise Server 12-SP3-LTSS"
        },
        "product_version": "tomcat <8.0.53-29.32.1"
      },
      {
        "id": "203aad44-ebe1-38cc-b938-1c5815224e13",
        "product": {
          "name": "SUSE Enterprise Storage 5"
        },
        "product_version": "tomcat <8.0.53-29.32.1"
      },
      {
        "id": "2b26a816-8e50-3fa0-8671-5b62b83e72c0",
        "product": {
          "name": "SUSE Linux Enterprise Server for SAP 12-SP2"
        },
        "product_version": "tomcat <8.0.53-29.32.1"
      },
      {
        "id": "307db9b3-48cb-3b7a-afeb-a96c2fa1e861",
        "product": {
          "name": "SUSE OpenStack Cloud 7"
        },
        "product_version": "tomcat <8.0.53-29.32.1"
      },
      {
        "id": "350bbe77-ed6b-3307-83f6-e74e68247ae3",
        "product": {
          "name": "SUSE Linux Enterprise Server 15-LTSS"
        },
        "product_version": "tomcat <9.0.35-3.57.3"
      },
      {
        "id": "4a6b1e0c-4cc3-3dd8-9751-9751e3a62aeb",
        "product": {
          "name": "SUSE Linux Enterprise Server for SAP 15"
        },
        "product_version": "tomcat <9.0.35-3.57.3"
      },
      {
        "id": "63ea01c9-c782-32e8-a896-4c3b63277602",
        "product": {
          "name": "SUSE OpenStack Cloud 8"
        },
        "product_version": "tomcat <8.0.53-29.32.1"
      },
      {
        "id": "88937011-f217-3932-b132-7429c2f4bd73",
        "product": {
          "name": "SUSE Linux Enterprise Server for SAP 12-SP3"
        },
        "product_version": "tomcat <8.0.53-29.32.1"
      },
      {
        "id": "9315acfa-33ce-3795-8bc7-b7ca3684b08f",
        "product": {
          "name": "SUSE Linux Enterprise Server 12-SP4"
        },
        "product_version": "tomcat <9.0.35-3.39.1"
      },
      {
        "id": "9d98edb0-8af8-3074-ae7a-92f76d0ae923",
        "product": {
          "name": "SUSE OpenStack Cloud Crowbar 8"
        },
        "product_version": "tomcat <8.0.53-29.32.1"
      },
      {
        "id": "a7f2ef13-5565-3136-b5f4-da2a0e0e592f",
        "product": {
          "name": "SUSE Linux Enterprise Server 12-SP5"
        },
        "product_version": "tomcat <9.0.35-3.39.1"
      },
      {
        "id": "e2951c01-5bbc-3b4d-8991-0fd9ee530ab9",
        "product": {
          "name": "SUSE Linux Enterprise Server 12-SP2-LTSS"
        },
        "product_version": "tomcat <8.0.53-29.32.1"
      },
      {
        "id": "eb740f88-464e-3823-ac18-6e391fbc8dc1",
        "product": {
          "name": "SUSE Linux Enterprise Server 12-SP3-BCL"
        },
        "product_version": "tomcat <8.0.53-29.32.1"
      },
      {
        "id": "f8967d5e-47f0-310e-9a66-6216e2f15719",
        "product": {
          "name": "SUSE Linux Enterprise Server 12-SP2-BCL"
        },
        "product_version": "tomcat <8.0.53-29.32.1"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-8022
bugzilla	www.bugzilla.suse.com/show_bug.cgi
lists	www.lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be@%3Cjava-dev.axis.apache.org%3E
lists	www.lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928@%3Cjava-dev.axis.apache.org%3E
lists	www.lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1@%3Cusers.tomcat.apache.org%3E
lists	www.lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7@%3Cusers.tomcat.apache.org%3E
lists	www.lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html
suse	www.suse.com/security/cve/CVE-2020-8022.html
lists	www.lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7%40%3Cusers.tomcat.apache.org%3E
lists	www.lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1%40%3Cusers.tomcat.apache.org%3E

03 Oct 2025 20:07Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.17.7 - 7.8

CVSS 27.2

EPSS0.00187