CVE-2022-47894

low-risk

Published 2024-04-09

Improper Input Validation vulnerability in Apache Zeppelin SAP.This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. For more information, the fix already was merged in the source code but Zeppelin decided to retire the SAP component NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Do I need to act?

0.28% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Zeppelin

Affected Vendors

Apache

References (6)

Mailing List http://www.openwall.com/lists/oss-security/2024/04/09/4

Issue Tracking https://github.com/apache/zeppelin/pull/4302

Mailing List https://lists.apache.org/thread/csf4k73kkn3nx58pm0p2qrylbox4fvyy

Mailing List http://www.openwall.com/lists/oss-security/2024/04/09/4

Issue Tracking https://github.com/apache/zeppelin/pull/4302

Mailing List https://lists.apache.org/thread/csf4k73kkn3nx58pm0p2qrylbox4fvyy

/ 100

low-risk

Severity 21/34 · High

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal