Lucene search
+L

10 matches found

Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.86 views

Potix ZK Framework AuUploader Remote File Disclosure (CVE-2022-36537)

The version of Potix ZK Framework detected on the remote host is prior to 8.6.4.2, 9.0.1.3, 9.5.1.4, 9.6.0.2, or 9.6.2. If is, therefore, affected by a remote file disclosure vulnerability: - ZK Framework allows attackers to access sensitive information via a crafted POST request sent to the...

7.5CVSS8.1AI score0.95335EPSS
Exploits5References2
Rapid7 Blog
Rapid7 Blog
added 2023/03/01 5:46 p.m.57 views

Active Exploitation of ZK Framework CVE-2022-36537

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. Rapid7 is aware of active exploitation of CVE-2022-36537 in vulnerable versions of ConnectWise R1Soft Server Backup Manager software. The root cause of the vulnerability is an...

0.2AI score0.95335EPSS
Exploits5
The Hacker News
The Hacker News
added 2023/02/28 6:42 a.m.79 views

CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities KEV catalog based on evidence of active exploitation. Tracked as CVE-2022-36537 CVSS score: 7.5, the issue impacts ZK Framework versions...

7.5CVSS1.3AI score0.95335EPSS
Exploits5
The Hacker News
The Hacker News
added 2023/02/28 6:42 a.m.3 views

CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities KEV catalog based on evidence of active exploitation. Tracked as CVE-2022-36537 CVSS score: 7.5, the issue impacts ZK Framework versions...

7.5CVSS7.1AI score0.95335EPSS
Exploits5
VulnCheck KEV
VulnCheck KEV
added 2023/02/14 12:0 a.m.2 views

VulnCheck KEV: CVE-2022-36537

ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to...

7.5CVSS7.3AI score0.95335EPSS
Exploits5References1
GithubExploit
GithubExploit
added 2022/12/09 2:15 p.m.366 views

Exploit for CVE-2022-36537

CVE-2022-36537 Summary R1Soft Server Backup Manager uses t...

7.5CVSS8.2AI score0.95335EPSS
Exploits5
Circl
Circl
added 2022/08/27 12:30 a.m.19 views

CVE-2022-36537

creationtimestamp| type| source ---|---|--- 2022-08-27 00:30:26+00:00| seen| https://t.me/cibsecurity/48923 2022-11-01 12:31:11+00:00| seen| https://t.me/thehackernews/2720 2022-12-09 12:28:21+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/3580 2022-12-09 14:25:09+00:00|...

7.5CVSS7.4AI score0.95335EPSS
Exploits5References19
Vulnrichment
Vulnrichment
added 2022/08/26 12:0 a.m.7 views

CVE-2022-36537

ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader...

7.4AI score0.95335EPSS
Exploits5References2
ATTACKERKB
ATTACKERKB
added 2022/08/26 12:0 a.m.67 views

CVE-2022-36537

ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader. Recent assessments: ccondon-r7 at March 01, 2023 6:39pm UTC reported: The core vuln here is an info leak in ZK Framework, which ...

7.5CVSS8AI score0.95335EPSS
In wildExploits5References4
CVE
CVE
added 2022/08/26 12:0 a.m.648 views

CVE-2022-36537

CVE-2022-36537 – ZK Framework Information Disclosure . Affected versions of ZK Framework: 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2, 8.6.4.1. An unauthenticated attacker can obtain sensitive data via a crafted POST to the AuUploader component, potentially exposing web-context files and configuration data....

7.5CVSS7.2AI score0.95335EPSS
In wildExploits5References3Affected Software1
Rows per page
Query Builder