Lucene search
F5F5:K13249530HistoryOct 24, 2022 - 12:00 a.m.
K13249530 : Apache Kylin vulnerability CVE-2022-24697
2022-10-2400:00:00
my.f5.com
11
apache kylin
command injection
vulnerability
Security Advisory Description
Kylin’s cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier. (CVE-2022-24697)
Impact
There is no impact; F5 products are not affected by this vulnerability.
Related
cve
cve
CVE-2022-24697
2022-10-13 13:15:09
CVE-2022-43396
2022-12-30 11:15:10
cvelist
cvelist
prion
prion
Command injection
2022-10-13 13:15:00
Input validation
2022-12-30 11:15:00
veracode
veracode
Command Injection
2022-10-14 09:35:28
osv
osv
CVE-2022-24697
2022-10-13 13:15:09
Apache Kylin vulnerable to remote code execution
2023-07-06 19:24:01
Apache Kylin vulnerable to Command injection by Useless configuration
2022-12-30 12:30:25
nvd
nvd
CVE-2022-24697
2022-10-13 13:15:09
CVE-2022-43396
2022-12-30 11:15:10
github
github
Apache Kylin vulnerable to remote code execution
2023-07-06 19:24:01
Apache Kylin vulnerable to Command injection by Useless configuration
2022-12-30 12:30:25