7 matches found

Rapid7 Blog
added 2023/03/01 5:46 p.m., 53 views

Active Exploitation of ZK Framework CVE-2022-36537

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. Rapid7 is aware of active exploitation of CVE-2022-36537 in vulnerable versions of ConnectWise R1Soft Server Backup Manager software. The root cause of the vulnerability is an...

0.2 AI score | 0.93942 EPSS
Exploits: 5
The Hacker News
added 2023/02/28 6:42 a.m., 77 views

CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. Tracked as CVE-2022-36537 (CVSS score: 7.5), the issue impacts ZK Framework versions...

7.5 CVSS | 1.3 AI score | 0.93942 EPSS
Exploits: 5
CISA KEV Catalog
added 2023/02/27 12:0 a.m., 39 views

ZK Framework AuUploader Unspecified Vulnerability

ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to...

7.5 CVSS | 3.3 AI score | 0.93942 EPSS
In wild | Exploits: 5
GithubExploit
added 2022/12/09 2:15 p.m., 338 views

Exploit for CVE-2022-36537

CVE-2022-36537 Summary R1Soft Server Backup Manager uses t...

7.5 CVSS | 8.2 AI score | 0.93942 EPSS
Exploits: 5
GithubExploit
added 2022/12/09 11:29 a.m., 452 views

Exploit for CVE-2022-36537

CVE-2022-36537 Summary R1Soft Server Backup Manager uses t...

7.5 CVSS | 8.2 AI score | 0.93942 EPSS
Exploits: 5
GithubExploit
added 2022/12/09 11:29 a.m., 314 views

Exploit for CVE-2022-36537

CVE-2022-36537 Summary R1Soft Server Backup Manager uses t...

7.5 CVSS | 8.2 AI score | 0.93942 EPSS
Exploits: 5
ATTACKERKB
added 2022/08/26 12:0 a.m., 65 views

CVE-2022-36537

ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader. Recent assessments: ccondon-r7 at March 01, 2023 6:39pm UTC reported: The core vuln here is an info leak in ZK Framework, which ...

7.5 CVSS | 8 AI score | 0.93942 EPSS
In wild | Exploits: 5 | References: 4