CVE-2022-45143 in Agile Engineering Data Managementinfo

Summary

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

11/10/2022

Disclosure

01/03/2023

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
234957Oracle Agile Engineering Data Management Installation injection74Not definedOfficial fixCVE-2022-45143
234728Oracle Financial Services Compliance Studio injection74Not definedOfficial fixCVE-2022-45143
234493Oracle Commerce Guided Search Endeca Application Controller
 
Not definedOfficial fixCVE-2022-45143
226721Oracle Agile PLM Security injection74Not definedOfficial fixCVE-2022-45143
226653Oracle MySQL Enterprise Monitor injection74Not definedOfficial fixCVE-2022-45143
226418Oracle SD-WAN Edge Internal tools injection74Not definedOfficial fixCVE-2022-45143
226416Oracle Communications Session Report Manager BEServer injection74Not definedOfficial fixCVE-2022-45143
226409Oracle Communications Element Manager BEServer injection74Not definedOfficial fixCVE-2022-45143
226407Oracle Communications Diameter Signaling Router Platform injection74Not definedOfficial fixCVE-2022-45143
226394Oracle Communications Cloud Native Core Binding Support Function Policy injection74Not definedOfficial fixCVE-2022-45143
226336Oracle Commerce Guided Search Content Acquisition System/Workbench injection74Not definedOfficial fixCVE-2022-45143
217292Apache Tomcat JsonErrorReportValve injection74Not definedOfficial fixCVE-2022-45143

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!