Apache Kylin command execution | CVE-2022-44621

DESCRIPTION

Apache Kylin could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper parameter validation flaw in the Diagnosis Controller. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVSS 3.0 Information

Privileges Required: Low
User Interaction: None
Scope: Unchanged
Access Vector: Network

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon using the button below

To keep up to date follow us on the below channels.

Click Above for Telegram

Click Above for Discord

Click Above for Reddit

Click Above For LinkedIn
NAME

Apache Kylin command execution
- Platforms Affected:
  Apache Kylin 3.0.0
  Apache Kylin 2.0.0
  Apache Kylin 4.0.0
- Risk Level:
  8.8
- Exploitability:
  Unproven
- Consequences:
  Gain Access
DESCRIPTION

Apache Kylin could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper parameter validation flaw in the Diagnosis Controller. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVSS 3.0 Information
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
  
  A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
  
  If you like the site, please support us on Patreon using the button below
  
  To keep up to date follow us on the below channels.
  
  Click Above for Telegram
  
  Click Above for Discord
  
  Click Above for Reddit
  
  Click Above For LinkedIn
  
  Tags: CVE, CVE-2022-44621, Gain Access
  
  Continue Reading
  
  Previous memos cross-site request forgery | CVE-2022-4848
  Next Daily Vulnerability Trends: Thu Jan 05 2023

Apache Kylin command execution | CVE-2022-44621

DESCRIPTION

NAME

DESCRIPTION

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA and Partners Release Advisory on Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA and Partners Release Advisory on RansomHub Ransomware

CISA: Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-39717

DESCRIPTION

NAME

DESCRIPTION

You may have missed

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA and Partners Release Advisory on Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA and Partners Release Advisory on RansomHub Ransomware

CISA: Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-39717