CVE-2022-44621
CRITICAL WAF: High
CVSS 9.8
Published: 2022-12-30
CWE-77 CWE-77
Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request.
WAF Coverage Analysis
Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| apache | kylin | up to 4.0.3 |
References
- lists.apache.org (Mailing List, Patch, Vendor Advisory)