CVE-2022-36537
ZK Framework AuUploader Unspecified Vulnerability
CVSS
—
No CVSS
EPSS
95.3%
p100
KEV
YES
Feb 27, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
Product
ZK Framework / AuUploader
Vulnerability
ZK Framework AuUploader Unspecified Vulnerability
Added to KEV
Feb 27, 2023
Remediate by
Mar 20, 2023
Known ransomware use
Yes
Summary description
ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to ConnectWise R1Soft Server Backup Manager.
Required action
Apply updates per vendor instructions.
Notes
https://tracker.zkoss.org/browse/ZK-5150; https://nvd.nist.gov/vuln/detail/CVE-2022-36537
No related CVEs by CWE or product.