CVE-2022-36537

ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to ConnectWise R1Soft Server Backup Manager. Vendor/Product: ZK Framework AuUploader. Added to CISA KEV 2023-02-27; required action: Apply updates per vendor instructions.