{
  "threat_severity" : "Moderate",
  "public_date" : "2022-01-26T00:00:00Z",
  "bugzilla" : {
    "description" : "tomcat: local privilege escalation vulnerability",
    "id" : "2047417",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2047417"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-367",
  "details" : [ "The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore." ],
  "statement" : "In Red Hat Enterprise Linux 8, Red Hat Certificate System 10 and Identity Management are using the `pki-servlet-engine` component. This component embeds a version of Tomcat which is not affected by this flaw, as it does not include the fix for CVE-2020-9484. Additionally, in these specific contexts, the prerequisites to the vulnerability are not met. The PersistentManager is not set, and a SecurityManager is used. The use of `pki-servlet-engine` outside of these contexts is not supported.",
  "acknowledgement" : "Upstream acknowledges Trung Pham (Viettel Cyber Security) as the original reporter.",
  "affected_release" : [ {
    "product_name" : "JWS 5.7.0",
    "release_date" : "2022-11-02T00:00:00Z",
    "advisory" : "RHSA-2022:7273",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:5.7",
    "package" : "tomcat"
  }, {
    "product_name" : "Red Hat Fuse 7.11",
    "release_date" : "2022-07-07T00:00:00Z",
    "advisory" : "RHSA-2022:5532",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7",
    "package" : "tomcat",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat JBoss Web Server 5.7 on RHEL 7",
    "release_date" : "2022-11-02T00:00:00Z",
    "advisory" : "RHSA-2022:7272",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:5.7::el7",
    "package" : "jws5-tomcat-0:9.0.62-9.redhat_00005.1.el7jws"
  }, {
    "product_name" : "Red Hat JBoss Web Server 5.7 on RHEL 8",
    "release_date" : "2022-11-02T00:00:00Z",
    "advisory" : "RHSA-2022:7272",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:5.7::el8",
    "package" : "jws5-tomcat-0:9.0.62-9.redhat_00005.1.el8jws"
  }, {
    "product_name" : "Red Hat JBoss Web Server 5.7 on RHEL 9",
    "release_date" : "2022-11-02T00:00:00Z",
    "advisory" : "RHSA-2022:7272",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:5.7::el9",
    "package" : "jws5-tomcat-0:9.0.62-9.redhat_00005.1.el9jws"
  }, {
    "product_name" : "Spring Boot 2.7.2.SP1",
    "release_date" : "2023-02-06T00:00:00Z",
    "advisory" : "RHSA-2023:0272",
    "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0",
    "package" : "tomcat"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Decision Manager 7",
    "fix_state" : "Not affected",
    "package_name" : "tomcat",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "tomcat6",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "tomcat",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "pki-deps:10.6/pki-servlet-engine",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "pki-servlet-engine",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat JBoss Data Grid 6",
    "fix_state" : "Out of support scope",
    "package_name" : "jbossweb",
    "cpe" : "cpe:/a:redhat:jboss_data_grid:6"
  }, {
    "product_name" : "Red Hat JBoss Data Virtualization 6",
    "fix_state" : "Out of support scope",
    "package_name" : "jbossweb",
    "cpe" : "cpe:/a:redhat:jboss_data_virtualization:6"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 6",
    "fix_state" : "Out of support scope",
    "package_name" : "jbossweb",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6"
  }, {
    "product_name" : "Red Hat JBoss Fuse 6",
    "fix_state" : "Out of support scope",
    "package_name" : "tomcat",
    "cpe" : "cpe:/a:redhat:jboss_fuse:6"
  }, {
    "product_name" : "Red Hat JBoss Web Server 3",
    "fix_state" : "Out of support scope",
    "package_name" : "tomcat",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3"
  }, {
    "product_name" : "Red Hat OpenStack Platform 10 (Newton)",
    "fix_state" : "Out of support scope",
    "package_name" : "opendaylight",
    "cpe" : "cpe:/a:redhat:openstack:10"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Out of support scope",
    "package_name" : "opendaylight",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat Process Automation 7",
    "fix_state" : "Not affected",
    "package_name" : "tomcat",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-23181\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23181\nhttps://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9" ],
  "name" : "CVE-2022-23181",
  "csaw" : false
}