CVE-2022-36537: ZK Framework AuUploader Unspecified Vulnerability. ZK
ZK Framework AuUploader Unspecified Vulnerability. ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to ConnectWise R1Soft Server Backup Manager.
- CISA KEV-listed (remediation due 2023-03-20)
- used in ransomware campaigns
- EPSS 93.9% (99.9% percentile)