Vulnerability in Apache Software Foundation Kylin

CVE-2022-24697

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- co…

EPSS: 0.848 (99.7th percentile)

Frequently asked questions

What is CVE-2022-24697?
CVE-2022-24697 is a vulnerability in Apache Software Foundation Kylin. Published 2022-10-13.
Is CVE-2022-24697 known to be exploited?
1 public proof-of-concept repository is indexed. It is not currently listed in the CISA KEV catalog.