November 14, 2022
Severity
High
Analysis Summary
CVE-2022-37866
Apache Ivy could allow a remote attacker to traverse directories on the system because user requests are not properly validated. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to overwrite arbitrary files on the system.
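The check below is an added example, not code from the advisory or from Apache Ivy: it decodes a request path, flags "dot dot" segments (including percent-encoded and backslash variants), and refuses to map the path outside a base directory. The base directory `/srv/cache`, the function names and the sample requests are assumptions constructed for illustration.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote, urlsplit

MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double/triple percent-encoding


def decoded_path(url: str) -> str:
    """Return the URL path with percent-encoding unwrapped and '\\' folded to '/'."""
    path = urlsplit(url).path
    for _ in range(MAX_DECODE_ROUNDS):
        nxt = unquote(path)
        if nxt == path:
            break
        path = nxt
    return path.replace("\\", "/")


def has_dotdot(url: str) -> bool:
    """True if any decoded path segment is exactly '..' (useful for log triage)."""
    return ".." in decoded_path(url).split("/")


def resolve_under(base: str, url: str) -> Optional[str]:
    """Map the request path under base; return None if it would land outside base.

    This is a lexical check only; symlinks inside base are not followed.
    """
    base = posixpath.normpath(base)
    target = posixpath.normpath(posixpath.join(base, decoded_path(url).lstrip("/")))
    if target == base or target.startswith(base + "/"):
        return target
    return None


# Constructed sample requests (not taken from the advisory).
SAMPLES = [
    "/repo/org/module/1.0/module-1.0.jar",      # ordinary request
    "/repo/org/../../../outside/file.txt",      # plain dot-dot escape
    "/repo/org/%2e%2e/%2e%2e/%2e%2e/outside/f", # percent-encoded dots
    "/repo/org/%252e%252e%255c%252e%252e/x",    # double-encoded, backslash separator
    "/repo/a..b/file..txt",                     # dots inside names, not traversal
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(has_dotdot(s), resolve_under("/srv/cache", s), s)
```

The fourth sample contains traversal segments yet still resolves inside the base, which is why the containment check on the resolved path, not the pattern match, should decide whether a write is allowed.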
Impact
Gain Access
Indicators Of Compromise
CVE
- CVE-2022-37866
Affected Vendors
Apache
Affected Products
- Apache Ivy 2.5.0
- Apache Ivy 2.2.0
Remediation
Upgrade to the latest version of Apache Ivy, available from the Apache website.