CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Jun 2, 2023
Description
Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types.
EPSS — Exploit Probability
93.7%
Higher than 99.8% of all CVEs
Required Action
https://tomcat.apache.org/security-9.html; https://nvd.nist.gov/vuln/detail/CVE-2016-8735
Risk Assessment
HIGHIn CISA KEV
High EPSS
Details
- Severity
- High
- EPSS
- 93.7%
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 0
Timeline
Published
May 12, 2023
Added to KEV
May 12, 2023
Remediation Due
Jun 2, 2023