Published: 26/08/2022 Updated: 08/08/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows malicious users to access sensitive information via a crafted POST request sent to the component AuUploader.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zkoss zk framework

CVE-2022-36537

CVE-2022-36537 Summary R1Soft Server Backup Manager uses the ZK framework as the main framework Its security requires all Web3 project parties to pay more attention to the security vulnerabilities of various Web3 infrastructures and patch them in time to avoid potential security risks and digital asset losses We will dig out in time, track various security risks on web3, and

CVE-2022-36537

CVE-2022-36537 Summary R1Soft Server Backup Manager uses the ZK framework as the main framework Its security requires all Web3 project parties to pay more attention to the security vulnerabilities of various Web3 infrastructures and patch them in time to avoid potential security risks and digital asset losses We will dig out in time, track various security risks on web3, and

POC of CVE-2022-36537

CVE-2022-36537 Summary R1Soft Server Backup Manager uses the ZK framework as the main framework Its security requires all Web3 project parties to pay more attention to the security vulnerabilities of various Web3 infrastructures and patch them in time to avoid potential security risks and digital asset losses We will dig out in time, track various security risks on web3, and

NVD-CWE-Other https://tracker.zkoss.org/browse/ZK-5150 https://www.bleepingcomputer.com/news/security/cisa-warns-of-hackers-exploiting-zk-java-framework-rce-flaw/https://nvd.nist.gov https://github.com/agnihackers/CVE-2022-36537-EXPLOIT

CVE-2022-36537

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect