Apache Zeppelin SAP Improper Input Validation (0.8.00.10.x)
CVE-2022-47894 Published on April 9, 2024
Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE
Improper Input Validation vulnerability in Apache Zeppelin SAP.This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
For more information, the fix already was merged in the source code but Zeppelin decided to retire the SAP component
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Vulnerability Analysis
CVE-2022-47894 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2022-47894
Want to know whenever a new CVE is published for Apache Zeppelin? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache Zeppelin SAP:- Version 0.8.0 and below 0.11.0 is affected.
- Version 0.8.0 and below 0.11.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.