Understanding criticality of CVE 2022-45143 [closed]

Çağlar Arlı

I am failing to understand why this CVE in Apache Tomcat is rated as High.

Here is the CVE in NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-45143

According to a Medium article: "This vulnerability is caused by a flaw in the way the software handles error reports, which can allow an attacker to inject malicious code into the error reports and potentially take control of the affected system."

I read the source code and the fix and I still cannot see how the integrity impact score in CVSS v3 can be set to High.

This made me wonder: was it really worth it to even have a CVE for that? How many CVEs are overrated like this one just because the guy who reported it wanted to rate his CVE as high?