DEBIAN-CVE-2022-23181

DEBIAN-CVE-2022-23181 PUBLISHED CVSS 7 HIGH

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.

Risk Scores

CVSS 3.1
7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | tomcat9 | 0, 0, 0 |
| Debian:13 | tomcat9 | 0, 0, 0 |
| Debian:11 | tomcat9 | 9.0.43-1, 9.0.43-2~deb11u2, 9.0.43-2~deb11u3 |
| Debian:12 | tomcat9 | 0, 0, 0 |

Timeline

  • Jan 27, 2022 CVE Published
  • Apr 28, 2026 CVE Updated