CVE-2023-49566

CVSS v3.1 8.8 (High)
EPSS 0.09 % (40th)
Affected Products 1
Advisories 1
NVD Status Analyzed

In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker who configures malicious db2 parameters in the DataSource Manager Module can trigger JNDI injection. Therefore, the parameters in the DB2 URL should be blacklisted.

This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out.

Versions of Apache Linkis <=1.5.0 will be affected.
We recommend that users upgrade Linkis to version 1.6.0.

Weaknesses
CWE-502
Deserialization of Untrusted Data
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
Apache Software Foundation
Published Date
2024-07-15 08:15:02
(2 months ago)
Updated Date
2024-07-16 18:06:05
(2 months ago)

Affected Products


Configuration #1

Apache Linkis from version 1.4.0 and prior to version 1.6.0
CPE23: cpe:2.3:a:apache:linkis
From: >= 1.4.0
Up To: < 1.6.0