vulnerability

R1Soft Server Backup Manager: CVE-2022-36537: Remote Code Execution Vulnerability in ZK Upload

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Aug 26, 2022	Mar 2, 2023	Jun 6, 2023

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Aug 26, 2022

Added

Mar 2, 2023

Modified

Jun 6, 2023

Description

ZK AuUploader servlets contains a security vulnerability which can be exploited to retrieve the content of a file located in the web context. This includes files normally hidden from the user located in WEB-INF, such as web.xml, zk.xml, etc. Vulnerabilities that could allow the ability to execute remote code or directly access confidential data.

Solution

r1soft-cve-2022-36537

References

CVE-2022-36537
https://attackerkb.com/topics/CVE-2022-36537
URL-https://www.connectwise.com/company/trust/security-bulletins/r1soft-and-recover-security-bulletin

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today