{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T12:14:22.600","vulnerabilities":[{"cve":{"id":"CVE-2022-23181","sourceIdentifier":"security@apache.org","published":"2022-01-27T13:15:08.060","lastModified":"2024-11-21T06:48:08.640","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore."},{"lang":"es","value":"Una corrección del bug CVE-2020-9484 introdujo una vulnerabilidad de tiempo de comprobación, tiempo de uso en Apache Tomcat versiones 10.1.0-M1 a 10.1.0-M8, versiones 10.0.0-M5 a 10.0.14, versiones 9.0.35 a 9.0.56 y versiones 8.5.55 a 8.5.73, que permitía a un atacante local llevar a cabo acciones con los privilegios del usuario que está usando el proceso Tomcat. Este problema sólo es explotable cuando Tomcat está configurado para persistir sesiones usando el FileStore"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:H/Au:N/C:P/I:P/A:P","baseScore":3.7,"accessVector":"LOCAL","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":1.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.55","versionEndIncluding":"8.5.73","matchCriteriaId":"2B1B1948-279A-496F-B6BE-09B6450B92B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.35","versionEndIncluding":"9.0.56","matchCriteriaId":"64612E68-03F6-4BB8-BF27-0EBA1FF4E8DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.1","versionEndIncluding":"10.0.14","matchCriteriaId":"107AE685-1C09-4DFD-BD52-1E5C1AC51769"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.0.0:milestone10:*:*:*:*:*:*","matchCriteriaId":"83B9FF07-1B93-4F8C-AC56-7CA74E61B724"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*","matchCriteriaId":"53A9F7EE-AF2A-43E5-B708-0198784AB45A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*","matchCriteriaId":"AC872C5F-63AF-4BB8-8629-334FC9704AE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*","matchCriteriaId":"94B95C95-DF3E-49C1-9CA0-4474DD7EF7B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.0.0:milestone8:*:*:*:*:*:*","matchCriteriaId":"310B0163-01DE-40DA-A2EA-FFA4A6100037"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.0.0:milestone9:*:*:*:*:*:*","matchCriteriaId":"75420449-A951-4133-A5F1-4C01F2DF843B"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*","matchCriteriaId":"6D402B5D-5901-43EB-8E6A-ECBD512CE367"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*","matchCriteriaId":"9846609D-51FC-4CDD-97B3-8C6E07108F14"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*","matchCriteriaId":"2E321FB4-0B0C-497A-BB75-909D888C93CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*","matchCriteriaId":"3B0CAE57-AF7A-40E6-9519-F5C9F422C1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*","matchCriteriaId":"7CB9D150-EED6-4AE9-BCBE-48932E50035E"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*","matchCriteriaId":"D334103F-F64E-4869-BCC8-670A5AFCC76C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*","matchCriteriaId":"941FCF7B-FFB6-4967-95C7-BB3D32C73DAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*","matchCriteriaId":"CE1A9030-B397-4BA6-8E13-DA1503872DDB"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"80C9DBB8-3D50-4D5D-859A-B022EB7C2E64"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*","matchCriteriaId":"B4367D9B-BF81-47AD-A840-AC46317C774D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*","matchCriteriaId":"55F091C7-0869-4FD6-AC73-DA697D990304"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*","matchCriteriaId":"4D134C60-F9E2-46C2-8466-DB90AD98439E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A2E3E923-E2AD-400D-A618-26ADF7F841A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"9AB58D27-37F2-4A32-B786-3490024290A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0.29","matchCriteriaId":"B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]}],"references":[{"url":"https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9","source":"security@apache.org","tags":["Mailing List","Mitigation","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20220217-0010/","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2022/dsa-5265","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Mitigation","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20220217-0010/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2022/dsa-5265","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}