{"api_version":"1","generated_at":"2026-04-22T16:06:29+00:00","cve":"CVE-2022-23181","urls":{"html":"https://cve.report/CVE-2022-23181","api":"https://cve.report/api/cve/CVE-2022-23181.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-23181","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-23181"},"summary":{"title":"CVE-2022-23181","description":"The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.","state":"PUBLIC","assigner":"security@apache.org","published_at":"2022-01-27 13:15:00","updated_at":"2022-11-07 18:49:00"},"problem_types":["CWE-367"],"metrics":[],"references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","name":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - April 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2022/dsa-5265","name":"DSA-5265","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5265-1 tomcat9","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20220217-0010/","name":"https://security.netapp.com/advisory/ntap-20220217-0010/","refsource":"CONFIRM","tags":[],"title":"CVE-2022-23181 Apache Tomcat Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9","name":"https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9","refsource":"MISC","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html","name":"[debian-lts-announce] 20221026 [SECURITY] [DLA 3160-1] tomcat9 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3160-1] tomcat9 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","name":"N/A","refsource":"N/A","tags":[],"title":"Oracle Critical Patch Update Advisory - July 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-23181","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23181","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"tomcat","cpe6":"10.0.0","cpe7":"milestone10","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"tomcat","cpe6":"10.0.0","cpe7":"milestone5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"tomcat","cpe6":"10.0.0","cpe7":"milestone6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"tomcat","cpe6":"10.0.0","cpe7":"milestone7","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"tomcat","cpe6":"10.0.0","cpe7":"milestone8","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"tomcat","cpe6":"10.0.0","cpe7":"milestone9","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"tomcat","cpe6":"10.1.0","cpe7":"milestone1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"tomcat","cpe6":"10.1.0","cpe7":"milestone2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"tomcat","cpe6":"10.1.0","cpe7":"milestone3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"tomcat","cpe6":"10.1.0","cpe7":"milestone4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"tomcat","cpe6":"10.1.0","cpe7":"milestone5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"tomcat","cpe6":"10.1.0","cpe7":"milestone6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"tomcat","cpe6":"10.1.0","cpe7":"milestone7","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"tomcat","cpe6":"10.1.0","cpe7":"milestone8","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"10.0.14","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"tomcat","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"8.5.73","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"tomcat","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"9.0.56","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"tomcat","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"agile_engineering_data_management","cpe6":"6.2.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_policy","cpe6":"1.15.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"financial_services_crime_and_compliance_management_studio","cpe6":"8.0.8.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"financial_services_crime_and_compliance_management_studio","cpe6":"8.0.8.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"managed_file_transfer","cpe6":"12.2.1.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"managed_file_transfer","cpe6":"12.2.1.4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23181","vulnerable":"1","versionEndIncluding":"8.0.29","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"mysql_enterprise_monitor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-23181","qid":"150472","title":"Apache Tomcat Privilege Escalation Vulnerability (CVE-2022-23181)"},{"cve":"CVE-2022-23181","qid":"181163","title":"Debian Security Update for tomcat9 (DLA 3160-1)"},{"cve":"CVE-2022-23181","qid":"181177","title":"Debian Security Update for tomcat9 (DSA 5265-1)"},{"cve":"CVE-2022-23181","qid":"184796","title":"Debian Security Update for tomcat9 (CVE-2022-23181)"},{"cve":"CVE-2022-23181","qid":"296062","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 43.113.3 Missing (CPUJAN2022)"},{"cve":"CVE-2022-23181","qid":"353183","title":"Amazon Linux Security Advisory for tomcat8 : ALAS-2022-1572"},{"cve":"CVE-2022-23181","qid":"354480","title":"Amazon Linux Security Advisory for tomcat : ALAS2022-2022-044"},{"cve":"CVE-2022-23181","qid":"354519","title":"Amazon Linux Security Advisory for tomcat9 : ALAS2022-2022-233"},{"cve":"CVE-2022-23181","qid":"354529","title":"Amazon Linux Security Advisory for tomcat9 : ALAS-2022-233"},{"cve":"CVE-2022-23181","qid":"354572","title":"Amazon Linux Security Advisory for tomcat9 : ALAS-2022-233"},{"cve":"CVE-2022-23181","qid":"355337","title":"Amazon Linux Security Advisory for tomcat9 : ALAS2023-2023-059"},{"cve":"CVE-2022-23181","qid":"356202","title":"Amazon Linux Security Advisory for tomcat : ALASTOMCAT9-2023-003"},{"cve":"CVE-2022-23181","qid":"356224","title":"Amazon Linux Security Advisory for tomcat : ALASTOMCAT8.5-2023-004"},{"cve":"CVE-2022-23181","qid":"730348","title":"Apache Tomcat Privilege Escalation Vulnerability"},{"cve":"CVE-2022-23181","qid":"730510","title":"Atlassian Jira Remote Code Execution (RCE) Vulnerability (JRASERVER-73223)"},{"cve":"CVE-2022-23181","qid":"730575","title":"Atlassian Jira Server and Data Center Multiple Servlet Apache Tomcat Vulnerability (JRASERVER-73739)"},{"cve":"CVE-2022-23181","qid":"730646","title":"Apache Tomcat Local Privilege Escalation Vulnerability (CVE-2020-9484)"},{"cve":"CVE-2022-23181","qid":"730651","title":"Apache Tomcat Local Privilege Escalation Vulnerability (CVE-2020-9484)"},{"cve":"CVE-2022-23181","qid":"730660","title":"Apache Tomcat Local Privilege Escalation Vulnerability (CVE-2020-9484)"},{"cve":"CVE-2022-23181","qid":"730666","title":"Apache Tomcat Local Privilege Escalation Vulnerability (CVE-2020-9484)"},{"cve":"CVE-2022-23181","qid":"751788","title":"SUSE Enterprise Linux Security Update for tomcat (SUSE-SU-2022:0695-1)"},{"cve":"CVE-2022-23181","qid":"751789","title":"SUSE Enterprise Linux Security Update for tomcat (SUSE-SU-2022:0694-1)"},{"cve":"CVE-2022-23181","qid":"751846","title":"SUSE Enterprise Linux Security Update for tomcat (SUSE-SU-2022:0784-1)"},{"cve":"CVE-2022-23181","qid":"751865","title":"SUSE Enterprise Linux Security Update for tomcat (SUSE-SU-2022:0818-1)"},{"cve":"CVE-2022-23181","qid":"751877","title":"OpenSUSE Security Update for tomcat (openSUSE-SU-2022:0818-1)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@apache.org","ID":"CVE-2022-23181","STATE":"PUBLIC","TITLE":"Local privilege escalation with FileStore"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Apache Tomcat","version":{"version_data":[{"version_affected":"=","version_name":"Apache Tomcat 10.1","version_value":"10.1.0-M1 to 10.1.0-M8"},{"version_affected":"=","version_name":"Apache Tomcat 10.0","version_value":"10.0.0-M5 to 10.0.14"},{"version_affected":"=","version_name":"Apache Tomcat 9","version_value":"9.0.35 to 9.0.56"},{"version_affected":"=","version_name":"Apache Tomcat 8","version_value":"8.5.55 to 8.5.73"}]}}]},"vendor_name":"Apache Software Foundation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":[{"other":"low"}],"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9","name":"https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20220217-0010/","url":"https://security.netapp.com/advisory/ntap-20220217-0010/"},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20221026 [SECURITY] [DLA 3160-1] tomcat9 security update","url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html"},{"refsource":"DEBIAN","name":"DSA-5265","url":"https://www.debian.org/security/2022/dsa-5265"}]},"source":{"discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2022-01-27 13:15:00","lastModifiedDate":"2022-11-07 18:49:00","problem_types":["CWE-367"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH"},"exploitabilityScore":1,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:H/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":3.7},"severity":"LOW","exploitabilityScore":1.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:tomcat:10.0.0:milestone8:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:tomcat:10.0.0:milestone9:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:tomcat:10.0.0:milestone10:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.55","versionEndIncluding":"8.5.73","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.35","versionEndIncluding":"9.0.56","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.1","versionEndIncluding":"10.0.14","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0.29","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"23181","Ordinal":"225805","Title":"CVE-2022-23181","CVE":"CVE-2022-23181","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"23181","Ordinal":"1","NoteData":"The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.","Type":"Description","Title":null},{"CveYear":"2022","CveId":"23181","Ordinal":"2","NoteData":"2022-01-27","Type":"Other","Title":"Published"},{"CveYear":"2022","CveId":"23181","Ordinal":"3","NoteData":"2022-01-27","Type":"Other","Title":"Modified"}]}}}