Return
-
Title
Apache Tomcat JsonErrorReportValve injection vulnerability (CVE-2022-45143) -
Description
A security scan identified the following vulnerability for Apache Tomcat in the Foglight installation:
CVE-2022-45143
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.Is Foglight affected by this vulnerability?
-
Cause
https://nvd.nist.gov/vuln/detail/CVE-2022-45143 -
Resolution
The scanner is identifying the Apache Tomcat version included with the Foglight installation.
Quest R&D has determined that Foglight installations are not affected by the Apache Tomcat JsonErrorReportValve injection vulnerability (CVE-2022-45143) because Foglight does not use the org.apache.catalina.valves.JsonErrorReportValve class.