Is SMG vulnerable to CVE-2022-45143
search cancel

Is SMG vulnerable to CVE-2022-45143

book

Article ID: 266998

calendar_today

Updated On:

Products

Messaging Gateway for Service Providers Messaging Gateway

Issue/Introduction

JsonErrorReportValve in Apache Tomcat.

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances, these are constructed from user-provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

 

Resolution

SMG does not use or implement the JsonErrorReportValve, hence it cannot be considered vulnerable to this CVE.

 

Powered by Wolken Software