Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
ApacheKylin*

2 matches found

CVE
CVEadded 2022/12/30 10:30 a.m.115 views

CVE-2022-43396

CVE-2022-43396 involves a command injection in Apache Kylin caused by a blacklist bypass in the configuration parameter kylin.engine.spark-cmd (conf). The vulnerability arises from allowing attackers to influence the command line, enabling arbitrary OS command execution via cube designer/command ...

8.8CVSS9.2AI score0.56844EPSS
CVE
CVEadded 2022/12/30 10:31 a.m.96 views

CVE-2022-44621

CVE-2022-44621 relates to Apache Kylin and concerns the Diagnosis Controller. The underlying issue is missing parameter validation in the controller, enabling potential command injection through HTTP requests. Multiple sources describe this as a high-severity, remote-execution risk (CVSS v3.1 bas...

9.8CVSS9.8AI score0.0299EPSS