CVE-2022-36364 Apache Calcite Avatica JDBC driver `httpclient_impl` connection property can be used as an RCE vector

🗓️ 28 Jul 2022 08:35:10Reported by apacheType

CVE-2022-36364 Apache Calcite Avatica JDBC driver `httpclient_impl` RC

Reporter	Title	Published	Views	Family All 26
IBM Security Bulletins	Security Bulletin: Potential vulnerability in Apache Calcite Avatica affects IBM Operations Analytics - Log Analysis (CVE-2022-36364)	22 Nov 202209:43	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Calcite Avatica affects watsonx.data	14 Aug 202415:38	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2021-29469, CVE-2022-39160, CVE-2022-38708, CVE-2022-42003, CVE-2022-42004, CVE-2022-43883, CVE-2022-43887, CVE-2022-25647, CVE-2022-36364)	10 Mar 202323:31	–	ibm
ATTACKERKB	CVE-2022-36364	28 Jul 202209:15	–	attackerkb
BDU FSTEC	The vulnerability of the JDBC driver of the Apache Calcite framework allows a hacker to execute arbitrary code.	24 Aug 202200:00	–	bdu_fstec
Chainguard	CVE-2022-36364 vulnerabilities	28 Jul 202209:15	–	cgr
Circl	CVE-2022-36364	28 Jul 202212:18	–	circl
CNNVD	Apache Calcite 安全漏洞	28 Jul 202200:00	–	cnnvd
CNVD	Apache Calcite Code Injection Vulnerability	30 Jul 202200:00	–	cnvd
CVE	CVE-2022-36364	28 Jul 202208:35	–	cve

[
  {
    "product": "Apache Calcite Avatica",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "1.22.0",
        "status": "affected",
        "version": "Apache Calcite Avatica",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread/5csdj8bv4h3hfgw27okm84jh1j2fyw0c
openwall	www.openwall.com/lists/oss-security/2022/07/28/1

28 Jul 2022 11:06Current

9.2High risk

Vulners AI Score9.2

EPSS0.02186

CWE-665