Detections
Analytics

CVE-2022-47894

medium

Description

Improper Input Validation vulnerability in Apache Zeppelin SAP.This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. For more information, the fix already was merged in the source code but Zeppelin decided to retire the SAP component NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References

https://lists.apache.org/thread/csf4k73kkn3nx58pm0p2qrylbox4fvyy

https://github.com/apache/zeppelin/pull/4302

http://www.openwall.com/lists/oss-security/2024/04/09/4

Details

Source: Mitre, NVD

Published: 2024-04-09

Updated: 2025-05-05

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00193