Home > Vulnerability Database > CVE-2022-47894

Mend.io Vulnerability Database

CVE-2022-47894

Good to know:

Date: April 9, 2024

Improper Input Validation vulnerability in Apache Zeppelin SAP.This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. For more information, the fix already was merged in the source code but Zeppelin decided to retire the SAP component NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Language: Java

Severity Score

5.3

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-47894

Url: https://issues.apache.org/jira/browse/ZEPPELIN-5665

Url: https://github.com/apache/zeppelin/pull/4302

Url: https://github.com/apache/zeppelin

Url: https://github.com/apache/zeppelin/commit/bea51d1467d6103bd8fd68d6a27b14f954d98ec6

Url: https://lists.apache.org/thread/csf4k73kkn3nx58pm0p2qrylbox4fvyy

Url: http://www.openwall.com/lists/oss-security/2024/04/09/4

Url: https://www.mend.io/vulnerability-database/CVE-2022-47894

Severity Score

5.3

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference ('XXE')

CWE-611

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version org.apache.zeppelin:sap:0.11.0

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-47894

Good to know:

Date: April 9, 2024

Language: Java

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?