Lucene search
Veracode Vulnerability DatabaseVERACODE:46384HistoryApr 12, 2024 - 11:39 a.m.
Code Injection
2024-04-1211:39:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
20
apache zeppelin
code injection
mysql
jdbc
security vulnerability
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.2
Confidence
High
EPSS
0
Percentile
15.5%
Apache Zeppelin is vulnerable to a Code Injection. The vulnerability is due to improper verification of the JDBC driver configuration which allows an attacker to inject malicious code when connecting MySQL database.
References
Related
cnvd
cnvd
Apache Zeppelin Code Injection Vulnerability (CNVD-2024-17938)
2024-04-11 00:00:00
cve
cve
CVE-2024-31864
2024-04-09 16:15:08
cvelist
cvelist
nvd
nvd
CVE-2024-31864
2024-04-09 16:15:08
vulnrichment
vulnrichment
github
github
osv
osv
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.2
Confidence
High
EPSS
0
Percentile
15.5%
Related for VERACODE:46384