CVE-2022-36537
| CVE Published | 2022-08-26 |
|---|---|
| Related Vendor(s) | zkoss |
| Related Product(s) | zk_framework |
| Exploitation Reported (CISA KEV) | 2023-02-27 |
| CVSS 3 Base Score | 7.5 (HIGH) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | NETWORK |
ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph