Lucene search
+L

4 matches found

Prion
Prion
added 2022/10/13 1:15 p.m.22 views

Command injection

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...

7.5CVSS8.8AI score0.84777EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/01/06 1:15 p.m.20 views

CVE-2021-45458

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...

7.5CVSS6.9AI score
Exploits0References3
NVD
NVD
added 2022/01/06 1:15 p.m.35 views

CVE-2021-27738

All request mappings in StreamingCoordinatorController.java handling /kylin/api/streamingcoordinator/ REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification...

7.5CVSS0.02557EPSS
Exploits0References2
Prion
Prion
added 2022/01/06 1:15 p.m.21 views

Design/Logic Flaw

Kylin can receive user input and load any class through Class.forName.... This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions...

7.5CVSS9.5AI score0.02902EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder