New CVE Marked High Severity w/ Kadi Grigg - It’s
Author: It's 5:05
Uploaded: 2023-03-02
Views: 7
Description:
Subscribe and follow: https://bit.ly/listen-on-all-podcast-.... View the transcription, find links to resources mentioned in this segment.
Another day, another CVE to report on.
On February 28th, 2023, NIST added CVE-2022-36537 as a high-severity flaw impacting the ZK framework, with several versions being impacted. Don’t worry, we’ll give you the exact versions and the resources. The latest impact of this high-severity callout is enabling attackers to access sensitive information. In addition, CISA has also added this CVE to their Known Exploited Vulnerabilities Catalog based on various white hat hackers finding ways to pivot the information disclosure CVE into an attack that allowed remote code execution and subsequent control of systems.
In CISA’s description of the flaw, they mentioned, “ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context.”
As author Bill Toulas says, “The ZK framework is Ajax web app framework written in Java that enables developers to create graphical user interfaces for web applications with minimal effort and programming knowledge.” That makes the popular framework’s flaw widespread and far-reaching.
Check out more on the CVE and the resources.
This is Kadi Grigg in Alexandria, Virginia.
#its505 #cybersecurity #opensource #CVE #NIST