PT-2022-27070 · Apache · Apache Tomcat

Moritz Bechler · Published 2022-11-16 · Updated 2022-11-21 · CVE-2022-44008

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63

Description: An issue was discovered due to improper validation, allowing arbitrary local files to be retrieved by accessing the back-end Tomcat server directly.

Recommendations: For BACKCLICK Professional version 5.9.63, consider restricting direct access to the back-end Tomcat server as a temporary workaround until a patch is available.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2022-44008

Affected Products: Apache Tomcat