← ExploitWatch
HomeExploited Vulnerabilities

CVE-2022-36537 — Actively Exploited: AuUploader (ZK Framework)

ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to ConnectWise R1Soft Server Back

CVE IDCVE-2022-36537
VendorZK Framework
ProductAuUploader
Vulnerability nameZK Framework AuUploader Unspecified Vulnerability
Date added2023-02-27
Remediation due2023-03-20
Known ransomware useKnown
Required actionApply updates per vendor instructions.
DescriptionZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to ConnectWise R1Soft Server Backup Manager.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →