Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2022-21823
HistoryMar 11, 2022 - 12:00 a.m.

Apache Spark Encryption Problem Vulnerability (CNVD-2022-21823)

2022-03-1100:00:00
China National Vulnerability Database
www.cnvd.org.cn
7

0.001 Low

EPSS

Percentile

19.1%

JSON

Apache Spark is a multilingual engine for performing data engineering, data science, and machine learning on a single-node machine or cluster. Apache Spark is vulnerable to an encryption issue that stems from the program’s use of a custom mutual authentication protocol that allows fully encrypted key recovery, which can be exploited by an attacker to decrypt plaintext traffic offline.

CPENameOperatorVersion
apache sparkle3.1.2

Related

osv 4
veracode 1
prion 1
cvelist 1
cve 1
github 1
nvd 1
ibm 1
oracle 1
osv
osv
BIT-spark-2021-38296
2024-03-06 11:05:47
PYSEC-2022-186
2022-03-10 09:15:00
CVE-2021-38296
2022-03-10 09:15:07
veracode
veracode
Information Disclosure
2022-03-11 10:49:07
prion
prion
Authentication flaw
2022-03-10 09:15:00
cvelist
cvelist
CVE-2021-38296 Apache Spark Key Negotiation Vulnerability
2022-03-10 08:20:12
cve
cve
CVE-2021-38296
2022-03-10 09:15:07
github
github
Authentication Bypass by Capture-replay in Apache Spark
2022-03-11 00:02:36
nvd
nvd
CVE-2021-38296
2022-03-10 09:15:07
ibm
ibm
Security Bulletin: Netcool Operations Insight v1.6.5 contains fixes for multiple security vulnerabilities.
2022-08-31 11:45:02
oracle
oracle
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00

0.001 Low

EPSS

Percentile

19.1%

JSON
Related for CNVD-2022-21823
osv4veracode1prion1cvelist1cve1github1nvd1ibm1oracle1