CVE-2021-27644 Vulnerability Details

  /     /     /  

CVE-2021-27644 Metadata Quick Info

CVE Published: 01/11/2021 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: apache | Vendor: Apache Software Foundation | Product: Apache DolphinScheduler
Status : PUBLISHED

---

CVE-2021-27644 Description

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-264
CWE Name: CWE-264 Permissions, Privileges, and Access Controls
Source: Apache Software Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).