Lucene search

IBM76234FC964F6EB15041160EFA8F4DCBCE8ABCD92120C1BC9F7E72B44C7B0A892

HistoryMay 07, 2024 - 7:56 p.m.

Security Bulletin: Common vulnerability in Cloudera Data Platform Private Cloud Base 7.1.9 fixed in Hot Fix 1

2024-05-0719:56:14

www.ibm.com

cloudera

data platform

private cloud

base 7.1.9

common vulnerability

cve-2021-43045

apache avro

denial of service

.net sdk

ibm

cloudera runtime 7.1.9.2

cumulative hotfix 1

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.2%

JSON

Summary

Fix to common vulnerability, CVE-2021-43045, discovered in Cloudera Data Platform 7.1.9 is available to download from Cloudera.

Vulnerability Details

CVEID:CVE-2021-43045
**DESCRIPTION:**Apache Avro is vulnerable to a denial of service, caused by a flaw in the .NET SDK. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to allocate excessive resources, resulting in a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216818 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
Cloudera Data Platform Private Cloud Base with IBM (CDP)	7.1.9

Remediation/Fixes

Fix available for CVE-2021-43045 in Cloudera Runtime 7.1.9.2 (Cumulative Hotfix 1) downloadable from Cloudera.com.

Workarounds and Mitigations

None

CPENameOperatorVersion
cloudera data platform private cloud base with ibmeq7.1.9

CPE	Name	Operator	Version
	cloudera data platform private cloud base with ibm	eq	7.1.9