CVE-2022-4594 - Vulnerability Details - OpenCVE

A vulnerability was found in drogatkin TJWS2. It has been declared as critical. Affected by this vulnerability is the function deployWar of the file 1.x/src/rogatkin/web/WarRoller.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 1bac15c496ec54efe21ad7fab4e17633778582fc. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216187.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Tjws2 Project	Tjws2

Configuration 1 [-]

cpe:2.3:a:tjws2_project:tjws2:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/drogatkin/TJWS2/commit/1bac15c496ec54efe21ad7fab4e17633778582fc
https://vuldb.com/?id.216187

History

Tue, 15 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2022-12-18T00:00:00.000Z

Updated: 2025-04-15T12:58:58.283Z

Reserved: 2022-12-18T00:00:00.000Z

Link: CVE-2022-4594

Vulnrichment

Updated: 2024-08-03T01:41:45.723Z

NVD

Status : Modified

Published: 2022-12-18T08:15:09.777

Modified: 2024-11-21T07:35:33.683

Link: CVE-2022-4594

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-4594", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "dateUpdated": "2025-04-15T12:58:58.283Z", "dateReserved": "2022-12-18T00:00:00.000Z", "datePublished": "2022-12-18T00:00:00.000Z"}, "containers": {"cna": {"title": "drogatkin TJWS2 WarRoller.java deployWar path traversal", "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-12-18T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability was found in drogatkin TJWS2. It has been declared as critical. Affected by this vulnerability is the function deployWar of the file 1.x/src/rogatkin/web/WarRoller.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 1bac15c496ec54efe21ad7fab4e17633778582fc. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216187."}], "affected": [{"vendor": "drogatkin", "product": "TJWS2", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/drogatkin/TJWS2/commit/1bac15c496ec54efe21ad7fab4e17633778582fc"}, {"url": "https://vuldb.com/?id.216187"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-22 Path Traversal", "cweId": "CWE-22"}]}], "x_generator": "vuldb.com"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:41:45.723Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/drogatkin/TJWS2/commit/1bac15c496ec54efe21ad7fab4e17633778582fc", "tags": ["x_transferred"]}, {"url": "https://vuldb.com/?id.216187", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-14T17:01:47.487415Z", "id": "CVE-2022-4594", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T12:58:58.283Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-4594", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "dateUpdated": "2025-04-15T12:58:58.283Z", "dateReserved": "2022-12-18T00:00:00.000Z", "datePublished": "2022-12-18T00:00:00.000Z"}, "containers": {"cna": {"title": "drogatkin TJWS2 WarRoller.java deployWar path traversal", "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-12-18T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability was found in drogatkin TJWS2. It has been declared as critical. Affected by this vulnerability is the function deployWar of the file 1.x/src/rogatkin/web/WarRoller.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 1bac15c496ec54efe21ad7fab4e17633778582fc. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216187."}], "affected": [{"vendor": "drogatkin", "product": "TJWS2", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/drogatkin/TJWS2/commit/1bac15c496ec54efe21ad7fab4e17633778582fc"}, {"url": "https://vuldb.com/?id.216187"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-22 Path Traversal", "cweId": "CWE-22"}]}], "x_generator": "vuldb.com"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:41:45.723Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/drogatkin/TJWS2/commit/1bac15c496ec54efe21ad7fab4e17633778582fc", "tags": ["x_transferred"]}, {"url": "https://vuldb.com/?id.216187", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-4594", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-14T17:01:47.487415Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-14T17:01:49.206Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tjws2_project:tjws2:*:*:*:*:*:*:*:*", "matchCriteriaId": "F21FEF50-B7F1-473A-85FA-4BDEBB2E55B8", "versionEndExcluding": "2022-05-24", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in drogatkin TJWS2. It has been declared as critical. Affected by this vulnerability is the function deployWar of the file 1.x/src/rogatkin/web/WarRoller.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 1bac15c496ec54efe21ad7fab4e17633778582fc. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216187."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en drogatkin TJWS2. Ha sido declarada cr\u00edtica. La funci\u00f3n desplegarWar del archivo 1.x/src/rogatkin/web/WarRoller.java es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a path traversal. El ataque se puede lanzar de forma remota. El nombre del parche es 1bac15c496ec54efe21ad7fab4e17633778582fc. Se recomienda aplicar un parche para solucionar este problema. El identificador asociado de esta vulnerabilidad es VDB-216187."}], "id": "CVE-2022-4594", "lastModified": "2024-11-21T07:35:33.683", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2022-12-18T08:15:09.777", "references": [{"source": "[email protected]", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/drogatkin/TJWS2/commit/1bac15c496ec54efe21ad7fab4e17633778582fc"}, {"source": "[email protected]", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?id.216187"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/drogatkin/TJWS2/commit/1bac15c496ec54efe21ad7fab4e17633778582fc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?id.216187"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "[email protected]", "type": "Secondary"}]}