Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-RR59-H6RH-V84V
HistoryApr 09, 2024 - 12:30 p.m.

Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE

2024-04-0912:30:47
CWE-20
CWE-611
GitHub Advisory Database
github.com
4
apache zeppelin
sap
xxe
input validation
vulnerability
retired project
alternative
restricted access

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Improper Input Validation vulnerability in Apache Zeppelin SAP. This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

For more information, the fix already was merged in the source code but Zeppelin decided to retire the SAP component
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Affected configurations

Vulners
Node
org.apache.zeppelin\Matchsap
CPENameOperatorVersion
org.apache.zeppelin:saplt0.11.0

Related

osv 1
nvd 1
veracode 1
cve 1
cvelist 1
osv
osv
Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE
2024-04-09 12:30:47
nvd
nvd
CVE-2022-47894
2024-04-09 10:15:08
veracode
veracode
XML External Entity Injection
2024-04-10 11:50:53
cve
cve
CVE-2022-47894
2024-04-09 10:15:08
cvelist
cvelist
CVE-2022-47894 Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE
2024-04-09 09:29:17

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON
Related for GHSA-RR59-H6RH-V84V
osv1nvd1veracode1cve1cvelist1