Rewterz Threat Alert – Cuba Ransomware – Active IOCs
February 7, 2022Rewterz Threat Alert – NetWire RAT Malware – Active IOCs
February 8, 2022Rewterz Threat Alert – Cuba Ransomware – Active IOCs
February 7, 2022Rewterz Threat Alert – NetWire RAT Malware – Active IOCs
February 8, 2022Severity
Medium
Analysis Summary
CVE-2022-22931
Apache James could allow a remote authenticated attacker to traverse directories on the system, caused by not prepend delimiters during directory validations. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to access other users data stores.
Impact
- Unauthorized Access
Indicators of Compromise
CVE
- CVE-2022-22931
Affected Vendors
Apache
Affected Products
- Apache James 3.6.1
Remediation
Upgrade to the latest version of Apache James, available from the Apache Web site.