5 matches found
Security Bulletin: Vulnerability in Apache Calcite Avatica affects watsonx.data
Summary Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via httpclientimpl connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via...
Security Bulletin: Potential vulnerability in Apache Calcite Avatica affects IBM Operations Analytics - Log Analysis (CVE-2022-36364)
Summary Prior to version 1.22.0 vulnerability in Apache Calcite Avatica allow a remote attacker to execute arbitrary code on the system. This has been fixed. Vulnerability Details CVEID:CVE-2022-36364 DESCRIPTION: Apache Calcite Avatica could allow a remote attacker to execute arbitrary code on t...
CVE-2022-36364 vulnerabilities
Vulnerabilities for packages: trino...
CVE-2022-36364 vulnerabilities
Vulnerabilities for packages: trino...
CVE-2022-36364
Apache Calcite Avatica JDBC driver is affected by CVE-2022-36364 due to insecure dynamic instantiation of httpclient_impl classes without validating they implement the expected interface, enabling potential code execution loaded from arbitrary classes. The issue is addressed starting with Avatica...