Vulnerabilities > Apache > Kylin > 3.1.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-29 | CVE-2023-29055 | Unspecified vulnerability in Apache Kylin. In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of the file 'kylin.properties', which may contain server-side credentials. | 7.5 |
2022-12-30 | CVE-2022-43396 | Unspecified vulnerability in Apache Kylin. In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. | 8.8 |
2022-12-30 | CVE-2022-44621 | Command Injection vulnerability in Apache Kylin. The Diagnosis Controller is missing parameter validation, so users may be attacked by command injection via an HTTP request. | 9.8 |
2022-01-06 | CVE-2021-31522 | Unsafe Reflection vulnerability in Apache Kylin. Kylin can receive user input and load any class through Class.forName(...). | 9.8 |
2022-01-06 | CVE-2021-45457 | Incorrect Authorization vulnerability in Apache Kylin. In Apache Kylin, cross-origin requests with credentials are allowed to be sent from any origin. | 7.5 |
2022-01-06 | CVE-2021-45458 | Use of Insufficiently Random Values vulnerability in Apache Kylin. Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. | 7.5 |