
Apache Tomcat Vulnerability – CVE-2022-45143

Overview

This vulnerability affects the following vendors: Apache. To view more details about this vulnerability please visit the vendor website.

CVE-2022-45143 Detail

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
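The following Python check is an added example, not part of this advisory or of Apache's code. It tests a Tomcat version string against the affected ranges listed above and looks for JsonErrorReportValve in a server.xml. The sample server.xml is constructed, and the function names are hypothetical. Treating the valve as in use only when it is set through the Host attribute errorReportValveClass or a nested Valve element is an assumption of this example.

```python
import re
import xml.etree.ElementTree as ET

VALVE = "org.apache.catalina.valves.JsonErrorReportValve"
# Affected ranges as listed in the advisory text (inclusive bounds).
AFFECTED = [("8.5.83", "8.5.83"), ("9.0.40", "9.0.68"), ("10.1.0-M1", "10.1.1")]

# Constructed sample server.xml, not taken from any real deployment.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
<Engine name="Catalina" defaultHost="localhost">
  <Host name="localhost" appBase="webapps"
        errorReportValveClass="org.apache.catalina.valves.JsonErrorReportValve"/>
  <Host name="static" appBase="static"/>
</Engine></Service></Server>"""

def parse_version(text):
    """'10.1.0-M1' -> (10, 1, 0, 1); a final release sorts after its milestones."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch),
            int(milestone) if milestone else float("inf"))

def version_affected(version):
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED)

def valve_hosts(server_xml):
    """Names of <Host> elements that select JsonErrorReportValve.
    Assumption: the valve is enabled via errorReportValveClass or a nested <Valve>."""
    hosts = []
    for host in ET.fromstring(server_xml).iter("Host"):
        nested = any(v.get("className") == VALVE for v in host.iter("Valve"))
        if host.get("errorReportValveClass") == VALVE or nested:
            hosts.append(host.get("name", "<unnamed>"))
    return hosts

def exposed(version, server_xml):
    """True only when the version is in range AND the valve is actually in use."""
    return version_affected(version) and bool(valve_hosts(server_xml))

if __name__ == "__main__":
    for ver in ("9.0.65", "9.0.69", "10.1.0-M17"):
        print(ver, "exposed" if exposed(ver, SAMPLE_SERVER_XML) else "not exposed")
```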

References

https://nvd.nist.gov/vuln/detail/CVE-2022-45143
https://exchange.xforce.ibmcloud.com/vulnerabilities/243565
https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj

Effective Security Severity Level

High

Affected Systems

mLogica products are not affected by these vulnerabilities.

Affected products

Apache Tomcat

Tests and Certifications

mLogica has evaluated all mLogica products for potential vulnerabilities and performed certification testing with the available patches and workarounds for all mLogica systems and products that are affected. It was determined that the available patches and workarounds can be safely deployed with no impact to mLogica systems and products.

Required Actions

mLogica products are being tested to confirm that they are not affected by these vulnerabilities.

Exploitation and Public Announcements

The mLogica Security Incident Response Team (SIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory in the context of mLogica products.

Record of Changes

Type of information Document Data
Document Title: Security Advisory – Apache Tomcat Vulnerability – CVE-2022-45143
Document Owner: mLogica Chief Information Security Officer (CISO)
Approved by: Robert Ponnaiyan
Author: Apache
Publisher: Apache
Issued: 4-Jan-2023
Reviewed & Revised: 5-Jan-2023

Revision Control

Version Number Nature of Change Date Approved
1.0

Document Distribution and Review

The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated regularly or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver.
