CVE-2022-32287: Apache UIMA directory traversal vulnerability

Ddos November 7, 2022

On November 3, Apache UIMA released its latest security bulletin, which discloses a directory traversal vulnerability (CVE-2022-32287).

Apache UIMA could allow a remote attacker to traverse directories on the system because of improper validation of user-supplied input in a FileUtil class used by the PEAR management component. An attacker could supply an archive file with carefully crafted ZIP entry names to create files outside the designated target directory.

Apache Unstructured Information Management applications are software systems that analyze large volumes of unstructured information in order to discover knowledge that is relevant to an end user. An example UIM application might ingest plain text and identify entities, such as persons, places, organizations; or relations, such as works-for or located-at.

CVE-2022-32287

“A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names,” the developers explained in an advisory. “Note that PEAR files should never be installed into an UIMA installation from untrusted sources because PEAR archives are executable plugins that will be able to perform any actions with the same privileges as the host Java Virtual Machine.”

The CVE-2022-32287 flaw affects Apache UIMA version 3.3.0 and prior versions and was reported by Huangzhicong from the CodeSafe Team of Legendsec at Qi’anxin Group.

We recommend that users upgrade Apache UIMA to the latest version (3.3.1) as soon as possible.
