Disclosed
CVE-2022-45143
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
Exploitation Probability (EPSS)
Low Priority0.82%
The Exploit Prediction Scoring System (EPSS) uses machine learning to estimate the probability that a vulnerability will be exploited in the wild within the next 30 days.
0% (Theoretical)100% (Certainty)
7-Day Exploitation Trend
Vulnerability Timeline
2 eventsJan 3, 2023
Vulnerability Disclosed
Published to component-level vulnerability database.
Jun 27, 2023
Last Updated
Record updated with new analysis or tags.
Threat Actor Attribution
PREMIUM INTELAssociated Groups:Lazarus Group, APT28
Ransomware Campaigns:LockBit 3.0, BlackCat
IoCs (Indicators):14 IPs, 3 Hashes
Remediation & Mitigation
SOLUTIONOfficial patches and mitigation steps are available for this vulnerability.
# Update Command
apt-get update && apt-get upgrade -y specific-package
# Verify installation
dpkg -l | grep package-name
apt-get update && apt-get upgrade -y specific-package
# Verify installation
dpkg -l | grep package-name
Affected Products
4 Total
apache/tomcatAll Versions
apache/tomcat8.5.83
apache/tomcat10.1.0
apache/tomcat10.1.1
Am I Vulnerable?
Check your domain or package.json for CVE-2022-45143 exposure.
Vulnerability Details
CVSS Base Score
7.5/ 10
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Published Date
Jan 3, 2023
Last Modified
Jun 27, 2023
Need Manual Validation?
Automated scanners flag false positives. Get a manual pentest validation for this CVE.