CVE-2022-36537 - ZK Framework AuUploader Unspecified Vulnerability
CVE-2022-36537
ZK Framework | AuUploader
- Date Added:
- 2023-02-27
- Due Date:
- 2023-03-20
- Vulnerability Name
ZK Framework AuUploader Unspecified Vulnerability
- Description
ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to ConnectWise R1Soft Server Backup Manager.
- Known To Be Used in Ransomware Campaigns?
Known
- Action
Apply updates per vendor instructions.
- Additional Notes
- https://tracker.zkoss.org/browse/ZK-5150; https://nvd.nist.gov/vuln/detail/CVE-2022-36537
Free online web security scanner