CVE-2022-47894
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Improper Input Validation vulnerability in Apache Zeppelin SAP.This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
For more information, the fix already was merged in the source code but Zeppelin decided to retire the SAP component NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Zeppelin SAP | 0.8.0 < 0.11.0 | affected |
Weaknesses
- CWE-20: CWE-20 Improper Input Validation
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/apache/zeppelin/pull/4302
- https://lists.apache.org/thread/csf4k73kkn3nx58pm0p2qrylbox4fvyy
- http://www.openwall.com/lists/oss-security/2024/04/09/4
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://github.com/apache/zeppelin/pull/4302
- https://lists.apache.org/thread/csf4k73kkn3nx58pm0p2qrylbox4fvyy
- http://www.openwall.com/lists/oss-security/2024/04/09/4
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.