9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-32533

GHSA ID

GHSA-h975-r69h-4w9p

EPSS Score

0.85874%

CWE

CWE-79

Published

7/7/2022

Updated

1/27/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-32533

CVE-2022-32533: Insufficient user input in Apache Jetspeed-2

** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue.

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-32533

GHSA ID

GHSA-h975-r69h-4w9p

EPSS Score

0.85874%

CWE

CWE-79

Published

7/7/2022

Updated

1/27/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.portals.jetspeed-2:jetspeed-commons	maven	<= 2.3.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

** UNSUPPORT** W**N *SSI*N** ** *p**** J*tsp***-* *o*s not su**i*i*ntly *ilt*r untrust** us*r input *y ****ult l***in* to * num**r o* issu*s in*lu*in* XSS, *SR*, XX*, *n* SSR*. S*ttin* t** *on*i*ur*tion option "xss.*ilt*r.post = tru*" m*y miti**t* t*

Reasoning

No *n*lysis *v*il**l*

9.8

Basic Information

Concerned about an active attack path?

CVE-2022-32533: Insufficient user input in Apache Jetspeed-2

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI