Severity Rating: HIGH
Software Affected
Apache Kylin: 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2,
2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 3.0.0, 3.0.0-alpha, 3.0.0-alpha2,
3.0.0-beta
Overview
A vulnerability has been reported in Apache Kylin which could allow an
attacker to execute malicious database queries on the targeted system.
Description
This vulnerability exists in Apache Kylin due to improper validation of input
by the affected RESTful API software. A remote unauthenticated attacker
could exploit this vulnerability by passing specially crafted data to the
application and execute arbitrary OS commands on the targeted system.
Successful exploitation of this vulnerability may result in complete
compromise of the vulnerable system.
Solution
Upgrade to 3.0.1 or 2.6.5 as mentioned in Kylin Apache Bulletin:
Vendor Information
Kylin Apache
References
Cyber Security Help
CVE Name
CVE-2020-1956