CVE-2022-43980

Name of the Vulnerable Software and Affected Versions Apache Tomcat (affected versions not specified) Pandora FMS version 7.65

Description The issue concerns errors in synchronization when using a shared resource in Apache Tomcat, potentially allowing a remote attacker to gain unauthorized access to protected information. Additionally, there is a stored cross-site scripting issue in Pandora FMS, specifically in the network maps editing functionality. This could allow an attacker to modify a network map to include an XSS payload, which would be executed if an admin user clicks on the edited map, potentially leading to the theft of the admin user's cookie.

Recommendations For Apache Tomcat, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Pandora FMS version 7.65, consider restricting access to the network maps editing functionality until a patch is available, and avoid clicking on edited network maps to minimize the risk of exploitation.