Lucene search
IBM6F029265D5F1E4EA73E465DA5F623E94E637B58AB0899CCF62C2946F8619AFEFHistoryFeb 01, 2023 - 5:59 a.m.
Security Bulletin: App Connect Professional is affected by JsonErrorReportValve in Apache Tomcat.
2023-02-0105:59:16
www.ibm.com
21
0.005 Low
EPSS
Percentile
75.7%
Summary
App Connect Professional have addressed the JsonErrorReportValve vulnerability reported in Apache Tomcat.
Vulnerability Details
CVEID:CVE-2022-45143
**DESCRIPTION:**Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by not escape the type, message or description values in the JsonErrorReportValve function. By sending a specially-crafted request, an attacker could exploit this vulnerability to supply values that invalidated or manipulated the JSON output.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243565 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| App Connect Professional | v755 |
Remediation/Fixes
| _ Product_ | _ VRMF_ | _ APAR_ | _ Remediation/First Fix_ |
|---|---|---|---|
| App Connect Professional | 7.5.5.0 | LI82862 | 7550 Fixcentral link |
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| app connect professional | eq | 755 | |
| app connect professional | eq | 018 |
Related
nessus
nessus
Apache Tomcat 10.1.0.M1 < 10.1.2
2023-01-03 00:00:00
Apache Tomcat 9.0.40 < 9.0.69
2023-01-03 00:00:00
Atlassian Confluence 7.13.x / 7.19.1 < 7.19.16 (CONFSERVER-93173)
2023-11-24 00:00:00
prion
prion
Design/Logic Flaw
2023-01-03 19:15:00
kaspersky
kaspersky
KLA20148 ACE vulnerability in Apache Tomcat
2022-11-21 00:00:00
KLA20149 ACE vulnerability in Apache Tomcat
2022-11-14 00:00:00
veracode
veracode
Arbitrary Code Injection
2023-01-09 18:49:15
cvelist
cvelist
CVE-2022-45143 Apache Tomcat: JsonErrorReportValve escaping
2023-01-03 18:12:28
github
github
Apache Tomcat improperly escapes input from JsonErrorReportValve
2023-01-03 21:30:21
atlassian
atlassian
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:1853-1)
2023-04-17 00:00:00
ubuntucve
ubuntucve
CVE-2022-45143
2023-01-03 00:00:00
cve
cve
CVE-2022-45143
2023-01-03 19:15:00
tomcat
tomcat
Fixed in Apache Tomcat 10.1.2
2022-11-14 00:00:00
Fixed in Apache Tomcat 8.5.84
2022-11-21 00:00:00
Fixed in Apache Tomcat 9.0.69
2022-11-14 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Apache Tomcat (CVE-2022-45143).
2023-05-03 14:18:38
Security Bulletin: IBM UrbanCode Build is affected by CVE-2022-45143
2023-01-25 11:28:59
Security Bulletin: IBM UrbanCode Release is affected by CVE-2022-45143
2023-01-20 16:16:19
redhatcve
redhatcve
CVE-2022-45143
2023-01-06 06:04:53
f5
f5
K000133390 : Apache Tomcat vulnerability CVE-2022-45143
2023-04-18 00:00:00
debiancve
debiancve
CVE-2022-45143
2023-01-03 19:15:00
osv
osv
CVE-2022-45143
2023-01-03 19:15:10
Apache Tomcat improperly escapes input from JsonErrorReportValve
2023-01-03 21:30:21
BIT-tomcat-2022-45143
2024-03-06 11:09:02
redhat
redhat
debian
debian
[SECURITY] [DSA 5381-1] tomcat9 security update
2023-04-05 20:07:07
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0314
2023-01-17 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0518
2023-01-19 00:00:00
gentoo
gentoo
Apache Tomcat: Multiple Vulnerabilities
2023-05-30 00:00:00
mageia
mageia
Updated tomcat packages fix security vulnerability
2023-04-15 22:03:44
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00
0.005 Low
EPSS
Percentile
75.7%
Related for 6F029265D5F1E4EA73E465DA5F623E94E637B58AB0899CCF62C2946F8619AFEF