CVE-2022-40664: Improper Authentication in Apache Software Foundation Apache Shiro

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.7% (top 29.04%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 12; Latest update Jan 15

Description

Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (Exploitability: 3.9 | Impact: 5.9)

Affected Packages (2 packages)

NVD: apache/shiro < 1.10.0
CVEListV5: apache_software_foundation/apache_shiro (Apache Shiro) 1.10.0

Vulnerability Details (4)

GHSA: Apache Shiro Authentication Bypass vulnerability (2022-10-12)
CVEList: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher (2022-10-12)
OSV: CVE-2022-40664: Apache Shiro before 1 (2022-10-12)
OSV: Apache Shiro Authentication Bypass vulnerability (2022-10-12)

Vendor Advisories (3)

Oracle: Oracle Fusion Middleware Risk Matrix: WebCenter Sites (Apache Shiro) — CVE-2022-40664 (2023-01-15)
Red Hat: shiro: Authentication Bypass Vulnerability (2022-10-12)
Debian: CVE-2022-40664: shiro - Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when fo... (2022)
CVE-2022-40664 — Improper Authentication | cvebase