Vulnerability Details CVE-2022-31764
The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2.
The premise of this attack is that the attacker has obtained the account and password. Otherwise, the attacker cannot perform this attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.6%
CVSS Severity
CVSS v3 Score 8.5
Products affected by CVE-2022-31764
-
cpe:2.3:a:apache:shardingsphere_elasticjob-ui:3.0.0
-
cpe:2.3:a:apache:shardingsphere_elasticjob-ui:3.0.1