Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-25642
HistoryAug 25, 2022 - 2:15 p.m.

CVE-2021-25642

2022-08-2514:15:00
CWE-502
[email protected]
web.nvd.nist.gov
55
4
cve
apache hadoop
yarn
deserialization
zkconfigurationstore
zookeeper
nvd
vulnerability
security fix

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.2%

JSON

ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used.

Social References

More

Related

cvelist 1
ibm 1
github 1
cnvd 1
veracode 1
prion 1
osv 2
redhatcve 1
oracle 1
cvelist
cvelist
CVE-2021-25642 Apache Hadoop YARN remote code execution in ZKConfigurationStore of capacity scheduler
2022-08-25 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Hadoop (CVE-2021-25642)
2022-10-13 22:20:35
github
github
Deserialization of Untrusted Data in Apache Hadoop YARN
2022-08-26 00:03:33
cnvd
cnvd
Apache Hadoop code issue vulnerability
2022-08-30 00:00:00
veracode
veracode
Deserialization Of Untrusted Data
2022-08-31 05:47:22
prion
prion
Input validation
2022-08-25 14:15:00
osv
osv
CVE-2021-25642
2022-08-25 14:15:09
Deserialization of Untrusted Data in Apache Hadoop YARN
2022-08-26 00:03:33
redhatcve
redhatcve
CVE-2021-25642
2022-09-15 20:13:07
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.2%

JSON
Related for CVE-2021-25642
cvelist1ibm1github1cnvd1veracode1prion1osv2redhatcve1oracle1