CVE-2022-45143 : The JsonErrorReportValve class in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values.
In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-45143
Release: 10.1
CVE-2022-45143 is a security vulnerability that affects certain versions of the Apache Tomcat Servlet Container.
The vulnerability lies in the way the 'JsonErrorReportValve' class in the Tomcat container builds its JSON error report: the type, message and description values are written into the output without escaping.
An attacker could exploit this vulnerability by sending a specially crafted JSON request to a vulnerable Tomcat server.
This could allow the attacker to execute arbitrary code on the server, potentially leading to a complete compromise of the system.
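The escaping defect summarised above, shown as an added standalone illustration (this is not Tomcat's JsonErrorReportValve source; the field names type, message, status and description are assumed for the model): the defective builder concatenates values verbatim, the corrected builder passes each value through a JSON encoder, and a round-trip check shows which outputs survive intact.

```python
import json

# Standalone model of the defect: an error-report builder that concatenates
# caller-supplied values into JSON text, beside a corrected builder and a
# check that a report still carries exactly the values the server intended.


def build_report_unescaped(status: int, type_: str, message: str, description: str) -> str:
    """Defective form: values are concatenated into the JSON text verbatim."""
    return ('{"type":"' + type_ + '","message":"' + message + '","status":"'
            + str(status) + '","description":"' + description + '"}')


def build_report_escaped(status: int, type_: str, message: str, description: str) -> str:
    """Corrected form: every value goes through a JSON encoder, which escapes
    quotes, backslashes and control characters so it cannot alter the structure."""
    return ('{"type":' + json.dumps(type_) + ',"message":' + json.dumps(message)
            + ',"status":' + json.dumps(str(status))
            + ',"description":' + json.dumps(description) + '}')


def report_preserves_values(body: str, status: int, type_: str, message: str, description: str) -> bool:
    """True only if the body parses as JSON and each field round-trips to the
    intended value; False when the output was invalidated or manipulated."""
    try:
        report = json.loads(body)
    except json.JSONDecodeError:
        return False  # output was invalidated
    return (report.get("type") == type_ and report.get("message") == message
            and report.get("status") == str(status)
            and report.get("description") == description)


if __name__ == "__main__":
    # Constructed sample descriptions: one carrying a quote and a newline, one
    # carrying a closing quote followed by a duplicate "status" key.
    samples = ['Path "/a\nb" not found', 'x","status":"200']
    for desc in samples:
        for builder in (build_report_unescaped, build_report_escaped):
            body = builder(404, "Status Report", "Not Found", desc)
            ok = report_preserves_values(body, 404, "Status Report", "Not Found", desc)
            print(f"{builder.__name__}: intact={ok}")
```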
Broadcom API Gateway 10.1 uses Apache Tomcat version 9.0.62, which was reported to be a release affected by this vulnerability.
However, the API Gateway product is NOT affected because it does not make use of the 'JsonErrorReportValve' class.
This means that the vulnerability cannot be exploited against API Gateway 10.1.