CVE-2022-44621

Summary

Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache KylinApache Kylin 4 <= 4.0.2affected

Weaknesses

  • Command injection

Workarounds

Users of Kylin 2.x & Kylin 3.x & 4.x should upgrade to 4.0.3 or apply patch https://github.com/apache/kylin/pull/2011 https://github.com/apache/kylin/pull/2011

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References