
Apache Kylin 3.0.1 - Command Injection Vulnerability CVE-2020-1956

Severity (CVSSv3 score): 8.8
Vulnerability description

Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1, has some RESTful APIs that concatenate an OS command with a user-supplied string. A user is therefore likely able to execute any OS command, since the input is used without any protection or validation.

Risk description

The risk is that a remote, unauthenticated attacker could fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.

Recommendation

Upgrade to a patched version of Apache Kylin or apply the necessary security patches provided by the vendor.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: May 22, 2020
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available