Vulnerability Details CVE-2022-36537
ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.94
EPSS Ranking 99.9%
CVSS Severity
CVSS v3 Score 7.5
Proposed Action
ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to ConnectWise R1Soft Server Backup Manager.
Ransomware Campaign
Known
Products affected by CVE-2022-36537
- cpe:2.3:a:zkoss:zk_framework:5.0.0
- cpe:2.3:a:zkoss:zk_framework:5.0.1
- cpe:2.3:a:zkoss:zk_framework:5.0.1.1
- cpe:2.3:a:zkoss:zk_framework:5.0.10
- cpe:2.3:a:zkoss:zk_framework:5.0.11
- cpe:2.3:a:zkoss:zk_framework:5.0.12
- cpe:2.3:a:zkoss:zk_framework:5.0.13
- cpe:2.3:a:zkoss:zk_framework:5.0.2
- cpe:2.3:a:zkoss:zk_framework:5.0.2.1
- cpe:2.3:a:zkoss:zk_framework:5.0.3
- cpe:2.3:a:zkoss:zk_framework:5.0.4
- cpe:2.3:a:zkoss:zk_framework:5.0.5
- cpe:2.3:a:zkoss:zk_framework:5.0.6
- cpe:2.3:a:zkoss:zk_framework:5.0.7
- cpe:2.3:a:zkoss:zk_framework:5.0.7.1
- cpe:2.3:a:zkoss:zk_framework:5.0.7.1.1
- cpe:2.3:a:zkoss:zk_framework:5.0.8
- cpe:2.3:a:zkoss:zk_framework:5.0.9
- cpe:2.3:a:zkoss:zk_framework:6.0.0
- cpe:2.3:a:zkoss:zk_framework:6.0.1
- cpe:2.3:a:zkoss:zk_framework:6.0.2
- cpe:2.3:a:zkoss:zk_framework:6.0.2.1
- cpe:2.3:a:zkoss:zk_framework:6.0.3
- cpe:2.3:a:zkoss:zk_framework:6.0.3.1
- cpe:2.3:a:zkoss:zk_framework:6.0.4
- cpe:2.3:a:zkoss:zk_framework:6.0.5
- cpe:2.3:a:zkoss:zk_framework:6.5.0
- cpe:2.3:a:zkoss:zk_framework:6.5.1
- cpe:2.3:a:zkoss:zk_framework:6.5.1.1
- cpe:2.3:a:zkoss:zk_framework:6.5.2
- cpe:2.3:a:zkoss:zk_framework:6.5.3
- cpe:2.3:a:zkoss:zk_framework:6.5.4
- cpe:2.3:a:zkoss:zk_framework:6.5.4.1
- cpe:2.3:a:zkoss:zk_framework:6.5.5
- cpe:2.3:a:zkoss:zk_framework:6.5.6
- cpe:2.3:a:zkoss:zk_framework:6.5.7
- cpe:2.3:a:zkoss:zk_framework:6.5.7.1
- cpe:2.3:a:zkoss:zk_framework:6.5.8
- cpe:2.3:a:zkoss:zk_framework:6.5.8.1
- cpe:2.3:a:zkoss:zk_framework:6.5.8.2
- cpe:2.3:a:zkoss:zk_framework:7.0.0
- cpe:2.3:a:zkoss:zk_framework:7.0.1
- cpe:2.3:a:zkoss:zk_framework:7.0.2
- cpe:2.3:a:zkoss:zk_framework:7.0.3
- cpe:2.3:a:zkoss:zk_framework:7.0.3.1
- cpe:2.3:a:zkoss:zk_framework:7.0.3.2
- cpe:2.3:a:zkoss:zk_framework:7.0.4
- cpe:2.3:a:zkoss:zk_framework:7.0.5
- cpe:2.3:a:zkoss:zk_framework:7.0.5.1
- cpe:2.3:a:zkoss:zk_framework:7.0.5.2
- cpe:2.3:a:zkoss:zk_framework:7.0.6
- cpe:2.3:a:zkoss:zk_framework:7.0.6.1
- cpe:2.3:a:zkoss:zk_framework:7.0.7
- cpe:2.3:a:zkoss:zk_framework:7.0.8
- cpe:2.3:a:zkoss:zk_framework:7.0.8.1
- cpe:2.3:a:zkoss:zk_framework:8.0.0
- cpe:2.3:a:zkoss:zk_framework:8.0.1
- cpe:2.3:a:zkoss:zk_framework:8.0.1.1
- cpe:2.3:a:zkoss:zk_framework:8.0.2
- cpe:2.3:a:zkoss:zk_framework:8.0.2.1
- cpe:2.3:a:zkoss:zk_framework:8.0.2.2
- cpe:2.3:a:zkoss:zk_framework:8.0.3
- cpe:2.3:a:zkoss:zk_framework:8.0.3.1
- cpe:2.3:a:zkoss:zk_framework:8.0.4
- cpe:2.3:a:zkoss:zk_framework:8.0.4.1
- cpe:2.3:a:zkoss:zk_framework:8.0.4.2
- cpe:2.3:a:zkoss:zk_framework:8.0.5
- cpe:2.3:a:zkoss:zk_framework:8.5.0
- cpe:2.3:a:zkoss:zk_framework:8.5.0.1
- cpe:2.3:a:zkoss:zk_framework:8.5.1
- cpe:2.3:a:zkoss:zk_framework:8.5.1.1
- cpe:2.3:a:zkoss:zk_framework:8.5.1.2
- cpe:2.3:a:zkoss:zk_framework:8.5.1.3
- cpe:2.3:a:zkoss:zk_framework:8.5.2
- cpe:2.3:a:zkoss:zk_framework:8.5.2.1
- cpe:2.3:a:zkoss:zk_framework:8.6.0
- cpe:2.3:a:zkoss:zk_framework:8.6.0.1
- cpe:2.3:a:zkoss:zk_framework:8.6.0.2
- cpe:2.3:a:zkoss:zk_framework:8.6.0.2.1
- cpe:2.3:a:zkoss:zk_framework:8.6.1
- cpe:2.3:a:zkoss:zk_framework:8.6.2
- cpe:2.3:a:zkoss:zk_framework:8.6.2.1
- cpe:2.3:a:zkoss:zk_framework:8.6.3
- cpe:2.3:a:zkoss:zk_framework:8.6.3.1
- cpe:2.3:a:zkoss:zk_framework:8.6.4
- cpe:2.3:a:zkoss:zk_framework:8.6.4.1
- cpe:2.3:a:zkoss:zk_framework:9.0.0
- cpe:2.3:a:zkoss:zk_framework:9.0.0.1
- cpe:2.3:a:zkoss:zk_framework:9.0.1
- cpe:2.3:a:zkoss:zk_framework:9.0.1.1
- cpe:2.3:a:zkoss:zk_framework:9.0.1.2
- cpe:2.3:a:zkoss:zk_framework:9.5.0
- cpe:2.3:a:zkoss:zk_framework:9.5.0.1
- cpe:2.3:a:zkoss:zk_framework:9.5.0.2
- cpe:2.3:a:zkoss:zk_framework:9.5.0.3
- cpe:2.3:a:zkoss:zk_framework:9.5.1
- cpe:2.3:a:zkoss:zk_framework:9.5.1.1
- cpe:2.3:a:zkoss:zk_framework:9.5.1.2
- cpe:2.3:a:zkoss:zk_framework:9.6.0
- cpe:2.3:a:zkoss:zk_framework:9.6.0.1
- cpe:2.3:a:zkoss:zk_framework:9.6.0.2
- cpe:2.3:a:zkoss:zk_framework:9.6.1