App Connect Professional have addressed the JsonErrorReportValve vulnerability reported in Apache Tomcat.
CVEID:CVE-2022-45143
**DESCRIPTION:**Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by not escape the type, message or description values in the JsonErrorReportValve function. By sending a specially-crafted request, an attacker could exploit this vulnerability to supply values that invalidated or manipulated the JSON output.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243565 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
App Connect Professional | v755 |
_ Product_ | _ VRMF_ | _ APAR_ | _ Remediation/First Fix_ |
---|---|---|---|
App Connect Professional | 7.5.5.0 | LI82862 | 7550 Fixcentral link |
None
CPE | Name | Operator | Version |
---|---|---|---|
app connect professional | eq | 755 | |
app connect professional | eq | 018 |