CVE-2021-36774 - Vulnerability Details - OpenCVE

Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Kylin

Configuration 1 [-]

OR	cpe:2.3:a:apache:kylin::::::::
	cpe:2.3:a:apache:kylin::::::::

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/01/06/5
https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-01-06T12:35:20

Updated: 2024-08-04T01:01:59.491Z

Reserved: 2021-07-19T00:00:00

Link: CVE-2021-36774

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-01-06T13:15:08.080

Modified: 2024-11-21T06:14:04.217

Link: CVE-2021-36774

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Apache Kylin", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "2.6.6", "status": "affected", "version": "Apache Kylin 2", "versionType": "custom"}, {"lessThanOrEqual": "3.1.2", "status": "affected", "version": "Apache Kylin 3", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "jinchen sheng <jincsheng@gmail.com>"}], "descriptions": [{"lang": "en", "value": "Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions."}], "metrics": [{"other": {"content": {"other": "moderate"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"description": "remote command/code execute", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-01-06T15:06:06", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow"}, {"name": "[oss-security] 20220106 CVE-2021-36774: Apache Kylin: Mysql JDBC Connector Deserialize RCE", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/01/06/5"}], "source": {"discovery": "UNKNOWN"}, "title": "Mysql JDBC Connector Deserialize RCE", "workarounds": [{"lang": "en", "value": "Users of Kylin 2.x & Kylin 3.x should upgrade to 3.1.3 or apply patch https://github.com/apache/kylin/pull/1694."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2021-36774", "STATE": "PUBLIC", "TITLE": "Mysql JDBC Connector Deserialize RCE"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Kylin", "version": {"version_data": [{"version_affected": "<=", "version_name": "Apache Kylin 2", "version_value": "2.6.6"}, {"version_affected": "<=", "version_name": "Apache Kylin 3", "version_value": "3.1.2"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "jinchen sheng <jincsheng@gmail.com>"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{"other": "moderate"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "remote command/code execute"}]}]}, "references": {"reference_data": [{"name": "https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow", "refsource": "MISC", "url": "https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow"}, {"name": "[oss-security] 20220106 CVE-2021-36774: Apache Kylin: Mysql JDBC Connector Deserialize RCE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/01/06/5"}]}, "source": {"discovery": "UNKNOWN"}, "work_around": [{"lang": "en", "value": "Users of Kylin 2.x & Kylin 3.x should upgrade to 3.1.3 or apply patch https://github.com/apache/kylin/pull/1694."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:01:59.491Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow"}, {"name": "[oss-security] 20220106 CVE-2021-36774: Apache Kylin: Mysql JDBC Connector Deserialize RCE", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/01/06/5"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-36774", "datePublished": "2022-01-06T12:35:20", "dateReserved": "2021-07-19T00:00:00", "dateUpdated": "2024-08-04T01:01:59.491Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*", "matchCriteriaId": "7ED3ED46-D80F-4D42-9973-9F075B946351", "versionEndIncluding": "2.6.6", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E3780DD-1577-4A26-91B0-7A8687D257CD", "versionEndIncluding": "3.1.2", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions."}, {"lang": "es", "value": "Apache Kylin permite a usuarios leer datos de otros sistemas de bases de datos usando JDBC. El controlador JDBC de MySQL soporta determinadas propiedades que, si no son mitigadas, pueden permitir a un atacante ejecutar c\u00f3digo arbitrario desde un servidor MySQL malicioso controlado por un hacker dentro de los procesos del servidor Kylin. Este problema afecta a Apache Kylin 2 versiones 2.6.6 y anteriores; Apache Kylin 3 versiones 3.1.2 y anteriores."}], "id": "CVE-2021-36774", "lastModified": "2024-11-21T06:14:04.217", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-06T13:15:08.080", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/01/06/5"}, {"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/01/06/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/lchpcvoolc6w8zc6vo1wstk8zbfqv2ow"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}