

Severity
High
Analysis Summary
CVE-2022-32287
Apache UIMA could allow a remote attacker to traverse directories on the system because a FileUtil class used by the PEAR management component does not properly validate user-supplied input. Using a specially crafted archive whose ZIP entry names contain "dot dot" sequences (/../), an attacker could create files outside the designated target directory.
Impact
Gain Access
Indicators Of Compromise
CVE
- CVE-2022-32287
Affected Vendors
Apache
Affected Products
- Apache UIMA 3.3.0
Remediation
Upgrade to the latest version of UIMA, available from the Apache Website.
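Until the upgrade is in place, archives can be screened before installation. The following is an added example, not code from Apache UIMA or from this advisory: it lists the ZIP entry names in an archive that would resolve outside the target directory, which is the condition described in the Analysis Summary. The function names, the target directory and the sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile


def unsafe_entries(archive, target_dir="/opt/pear/install"):
    """Return names of ZIP entries that would resolve outside target_dir.

    target_dir is a hypothetical install directory; nothing is written to disk.
    """
    root = posixpath.normpath(target_dir)
    flagged = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            # Treat backslashes as separators too, as Windows extractors may.
            name = info.filename.replace("\\", "/")
            # join() discards root for an absolute name; normpath() folds "..".
            resolved = posixpath.normpath(posixpath.join(root, name))
            inside = resolved == root or resolved.startswith(root + "/")
            # Drive-letter names ("C:/...") are absolute on Windows.
            has_drive = len(name) > 1 and name[1] == ":"
            if not inside or has_drive:
                flagged.append(info.filename)
    return flagged


def build_sample():
    """Constructed in-memory archive: two benign entries, three that escape."""
    names = (
        "metadata/install.xml",     # benign
        "lib/a/../component.jar",   # contains ".." but stays inside the target
        "../../outside.txt",        # climbs out of the target directory
        "/tmp/abs.txt",             # absolute path
        "lib\\..\\..\\x.dll",       # backslash-separated traversal
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"sample")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry in unsafe_entries(build_sample()):
        print("reject archive, entry escapes target directory:", entry)
```

The check resolves each name against the target directory instead of searching for the substring "..", so an entry such as lib/a/../component.jar that stays inside the directory is not flagged.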