
8 matches found

IBM Security Bulletins
added 2022/12/05 10:30 a.m., 45 views

Security Bulletin: IBM Spectrum Scale (GPFS) Hadoop connector is affected by a security vulnerability (CVE-2022-25168)

Summary A security vulnerability has been identified in the IBM Spectrum Scale GPFS Hadoop connector which could allow a local authenticated attacker to execute arbitrary commands on the system. Fix for this vulnerability is available. Vulnerability Details CVEID:CVE-2022-25168 DESCRIPTION: Apach...

9.8 CVSS, 9.3 AI score, 0.03259 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2022/11/22 12:16 p.m., 76 views

Security Bulletin: Vulnerabilities in Apache Hadoop affect IBM Operations Analytics - Log Analysis (CVE-2022-26612, CVE-2022-25168)

Summary Multiple vulnerabilities in Apache Hadoop affect IBM Operations Analytics - Log Analysis. This has been fixed. The vulnerabilities are in Vulnerability Details section. Vulnerability Details CVEID:CVE-2022-26612 DESCRIPTION: Apache Hadoop for Windows could allow a remote attacker to bypas...

9.8 CVSS, 9.8 AI score, 0.04292 EPSS
Exploits: 1, Affected Software: 1

RedhatCVE
added 2022/08/17 1:38 p.m., 159 views

CVE-2022-25168

A flaw was found in the hadoop-common package. This flaw allows an attacker to benefit from command injection using the org.apache.hadoop.fs.FileUtil.unTarUsingTar function...

9.8 CVSS, 4.1 AI score, 0.03259 EPSS
Exploits: 0, References: 4

vulnersOsv
added 2022/08/05 12:0 a.m., 6 views

ai.catboost:catboost-spark_3.2_2.12 (>=1.0.6 <=1.2.10), ai.catboost:catboost-spark_3.2_2.13 (>=1.0.6 <=1.2.10) +647 more potentially affected by CVE-2022-25168 via org.apache.hadoop:hadoop-common (>=3.3.0 <=3.3.2)

org.apache.hadoop:hadoop-common MAVEN version =3.3.0, =1.0.6, =1.0.6, =1.1, =1.1.1, =0.13.0, =0.2.7, =0.2.7, =0.6.1.2, =1.0.0, =1.0.0, =0.2.2, =1.0.0, =1.0.0, =0.2.2, =0.4.1 and more Source cves: CVE-2022-25168 Source advisory: OSV:GHSA-8WM5-8H9C-47PC...

9.8 CVSS, 7.2 AI score, 0.03259 EPSS
Exploits: 0

vulnersOsv
added 2022/08/05 12:0 a.m., 4 views

ai.catboost:catboost-spark_3.1_2.12 (>=1.0.1 <=1.2.8), ai.chronon:aggregator_2.12 (>=0.0.25 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +1329 more potentially affected by CVE-2022-25168 via org.apache.hadoop:hadoop-common (>=3.0.0-alpha1 <=3.2.3)

org.apache.hadoop:hadoop-common MAVEN version =3.0.0-alpha1, =1.0.1, =0.0.25, =0.0.25, =0.0.62, =0.0.25, =0.0.86, =thread-pool-0.0.24-dev, =0.0.6, =0.0.2, =0.1.7, =3.34.0.3-1-3.1, =0.0.3, =1.0.0, =1.8.0 and more Source cves: CVE-2022-25168 Source advisory: OSV:GHSA-8WM5-8H9C-47PC...

9.8 CVSS, 7.2 AI score, 0.03259 EPSS
Exploits: 0

Circl
added 2022/08/04 6:19 p.m., 5 views

CVE-2022-25168

creationtimestamp | type | source
---|---|---
2022-08-04 18:19:39+00:00 | seen | https://t.me/cibsecurity/47559
2024-01-27 23:54:45+00:00 | seen | https://t.me/arpsyndicate/3121

...

9.8 CVSS, 8.5 AI score, 0.03259 EPSS
Exploits: 0, References: 2

NVD
added 2022/08/04 3:15 p.m., 29 views

CVE-2022-25168

Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in...

9.8 CVSS, 0.03259 EPSS
Exploits: 0, References: 2

CVE
added 2022/08/04 2:30 p.m., 781 views

CVE-2022-25168

CVE-2022-25168 affects Apache Hadoop's FileUtil.unTar(File, File) API, which does not escape the input file name before passing it to the shell. This enables command injection. In Hadoop, this vulnerability has been identified in the InMemoryAliasMap.bootstrap transfer path (local user context), ...

9.8 CVSS, 9.9 AI score, 0.03259 EPSS
Exploits: 0, References: 2, Affected Software: 1