Wiz
Vulnerability DatabaseCVE-2022-45462

CVE-2022-45462
Java vulnerability analysis and mitigation

Overview

Apache DolphinScheduler versions prior to 2.0.5 contain a command execution vulnerability (CVE-2022-45462). The vulnerability exists in the alarm instance management functionality where command injection is possible when specific commands are configured. This security issue affects only authenticated users (Apache List, OSS Security).

Technical details

The vulnerability is classified as a command injection flaw in the alarm instance management component of Apache DolphinScheduler. The issue occurs when specific commands are configured in the system, allowing authenticated users to execute arbitrary commands. The vulnerability has been assigned a CVSS score of 9.8, indicating critical severity (NVD).

Impact

The vulnerability allows authenticated users to execute arbitrary commands on the affected system through the alarm instance management functionality. This could potentially lead to unauthorized system access and control (NVD).

Mitigation and workarounds

Users are recommended to upgrade to Apache DolphinScheduler version 2.0.6 or higher to address this vulnerability. This version contains the necessary security fixes to prevent command injection in the alarm instance management functionality (OSS Security).

Additional resources

SourceThis report was generated using AI

Related Java vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-26866HIGH8.8
  • JavaJava
  • org.apache.hugegraph:hg-pd-core
NoYesDec 12, 2025
CVE-2025-54981HIGH7.5
  • JavaJava
  • org.apache.streampark:streampark
NoYesDec 12, 2025
CVE-2025-67721MEDIUM6.3
  • JavaJava
  • trino
NoYesDec 12, 2025
CVE-2025-53960MEDIUM5.9
  • JavaJava
  • org.apache.streampark:streampark
NoYesDec 12, 2025
CVE-2025-54947MEDIUM5.3
  • JavaJava
  • org.apache.streampark:streampark
NoYesDec 12, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo