23 matches found
Apache Kylin 2.3.x < 2.3.3 / 2.4.x < 2.4.2 / 2.5.x < 2.5.3 / 2.6.x < 2.6.6 / 3.x < 3.0.2 Command Injection (CVE-2020-1956)
The instance of Apache Kylin running on the remote host is 2.3.x prior to 2.3.3, 2.4.x prior to 2.4.2, 2.5.x prior to 2.5.3, 2.6.x prior to 2.6.6 or 3.x prior to 3.0.2. Therefore, it is affected by a command injection vulnerability due to some restful APIs concatenating OS commands with user inpu...
Testing with OpenAPI Specifications
The 2023 SANS Survey on API Security Jun-2023 found that less than 50 percent of respondents have API security testing tools in place. Even fewer 29 percent have API discovery tools. Wallarm delivers both these capabilities via our single, integrated App and API Security platform. Wallarm has lon...
Remote code execution
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control ABAC. In Keti a sandbox escape vulnerability may lead to post-authentication Remote Code execution. This vulnerability is known to exist in the latest commit at the time of writing this CVE...
SQL Injection in Kylin
Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries...
Command Injection in Kylin
Kylin has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation...
Veeam Service Provider Console v4 Patch 2
Challenge Veeam Service Provider Console v4 Patch 2. Cause Please confirm you are running version 4.0.0.4877 or later before installing this Patch 2. You can check this by logging in to the backup portal and navigating to Configuration Support Information tab. After upgrading, your server build...
Veeam Service Provider Console v4 Patch 1 (build 4911)
Challenge Veeam Service Provider Console v4 Patch 1. This patch is superseded by the Patch 2 Cause Please confirm you are running version 4.0.0.4877 before installing this Patch 1. You can check this under Windows Programs and features. After upgrading, your build will be version 4.0.0.4911. As a...
CVE-2020-1956
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation...
CVE-2020-1956
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation...
CVE-2020-1956
Apache Kylin CVE-2020-1956 affects 2.3.0 and releases up to 2.6.5 and 3.0.1, where REST APIs concatenate user input into OS commands, enabling likely remote code execution with high impact. Connected documents confirm vulnerable versions and the underlying command injection in the REST layer; som...
CVE-2020-1956
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...
PT-2020-4073 · Apache · Apache Kylin
Name of the Vulnerable Software and Affected Versions: Apache Kylin versions 2.3.0 through 2.6.5 Apache Kylin version 3.0.1 Description: The issue is related to the RESTful APIs in Apache Kylin, which concatenate OS commands with user input strings without proper protection or validation, allowin...
CVE-2020-1937
Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries...
CVE-2020-1937
Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries...
CVE-2020-1937
Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries...
Veeam Availability Console v3 Patch 4 (build 2795)
Challenge Veeam Availability Console v3 Patch 4 build 2795. This update supersedes Veeam Availability Console v3 Patch 3 build 2762. Cause Please confirm you are running version 3.0.0.2647 or later prior to installing this Patch 4. You can check this under Windows Programs and features. After...
Veeam Availability Console v3 Patch 3 (build 2762)
Challenge Veeam Availability Console v3 Patch 3 build 2762. This update supersedes Veeam Availability Console v3 Patch 2 build 2725. Cause Please confirm you are running version 3.0.0.2647 or later prior to installing this Patch 3. You can check this under Windows Programs and features. After...
Veeam Availability Console v3 Patch 2 (build 2725)
Challenge Veeam Availability Console v3 Patch 2 build 2725. This update supersedes Veeam Availability Console v3 Patch 1 build 2703. Cause Please confirm you are running version 3.0.0.2647 or later prior to installing this Patch 2. You can check this under Windows Programs and features. After...
Veeam Backup Enterprise Manager RESTful APIs Upgrade Instructions
Challenge Veeam Backup & Replication 9.5 Update 4 RTM is not compatible with the previous versions of API. Some integration may not work as expected. Cause Update 4 has introduced new Product functionality that requires extended API and incremented the required request version to v14. Solution Th...
Veeam Availability Console U1 Cumulative Patch 1913
Challenge Veeam Availability Console U1 Cumulative Patch 1913. This update supersedes Veeam Availability Console U1 Cumulative Patch 1850. Cause Please confirm you are running version 2.0.2.1750 or later prior to installing this cumulative patch 1913. You can check this under Windows Programs and...