CVE-2022-31764
CVE-2022-31764 is a high-severity vulnerability in Apache Shardingsphere Elasticjob-ui with a CVSS 3.x base score of 8.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-913.
Key facts
- Severity: High (CVSS 3.x base score 8.5)
- EPSS exploit prediction: 1% (48th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2022-54255
- Weakness: CWE-913
- Affected product: Apache Shardingsphere Elasticjob-ui
- Published:
- Last modified:
Description
The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of this attack is that the attacker has obtained the account and password. Otherwise, the attacker cannot perform this attack.
Frequently asked questions
- What is CVE-2022-31764?
- The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of this attack is that the attacker has obtained the account and password. Otherwise, the attacker cannot perform this attack.
- How severe is CVE-2022-31764?
- CVE-2022-31764 has a CVSS 3.x base score of 8.5, rated high severity. It is exploitable over network with high attack complexity, requires low privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2022-31764 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (48th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2022-31764?
- CVE-2022-31764 affects Apache Shardingsphere Elasticjob-ui. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2022-31764?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- Does CVE-2022-31764 have an EU (EUVD) identifier?
- Yes. CVE-2022-31764 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2022-54255.
- When was CVE-2022-31764 published?
- CVE-2022-31764 was published on 2025-02-06 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:apache:shardingsphere_elasticjob-ui:*:*:*:*:*:*:*:*
More vulnerabilities in Apache Shardingsphere Elasticjob-ui
- CVE-2022-22733 — Medium (CVSS 6.5): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows…
All CVEs affecting Apache Shardingsphere Elasticjob-ui →
Other CWE-913 vulnerabilities
- CVE-2026-47208 — Critical (CVSS 10.0): vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout…
- CVE-2026-47137 — Critical (CVSS 10.0): vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903)…
- CVE-2026-47131 — Critical (CVSS 10.0): vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining…
- CVE-2023-29017 — Critical (CVSS 10.0): vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was…
- CVE-2022-36067 — Critical (CVSS 10.0): vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version…
- CVE-2026-34156 — Critical (CVSS 9.9): NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior…