8 matches found
Security Bulletin: Vulnerability in Elastic Elasticsearch-Hadoop affects watsonx.data
Summary Elastic Elasticsearch-Hadoop could allow the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. As this occurs when the user has been authenticated, there is limited impact to watsonx.data. Vulnerabili...
Security Bulletin: Netcool Operations Insights 1.6.13 addresses multiple security vulnerabilities.
Summary Netcool Operations Insight v1.6.13 addresses multiple security vulnerabilities, listed in the CVEs below. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2021-31684 DESCRIPTION: netplex JSON Smart is vulnerable to a denial of...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Elastic Elasticsearch-Hadoop arbitrary code execution vulnerabilitiy.(CVE-2023-46674)
Summary Potential Elastic Elasticsearch-Hadoop arbitrary code execution vulnerabilitiy.CVE-2023-46674has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-46674...
ai.tripl:arc-elasticsearch-pipeline-plugin_2.11 (>=1.0.0 <=1.1.1), ai.tripl:arc-jupyter_2.11 (>=0.0.13 <=0.0.14) +12 more potentially affected by CVE-2023-46674 via org.elasticsearch:elasticsearch-hadoop (>=1.2.0 <=7.0.1)
org.elasticsearch:elasticsearch-hadoop MAVEN version =1.2.0, =1.0.0, =0.0.13, =1.13.3, =0.1.1, =0.1.1, =1.1.0.Beta1, =1.1.0.Beta1, =1.1.0.Beta1, =1.1.0.Beta1, =1.1.0.Beta1, =7.1.0.fuse-047, =7.1.0.fuse-047, =7.2.0.redhat-060 Source cves: CVE-2023-46674 Source advisory: OSV:GHSA-RV74-M283-5J95...
io.github.pulquero.halyard:halyard-sdk (>=3.9 <=5.1), io.github.pulquero.halyard:halyard-tools (>=3.9 <=5.1) +1 more potentially affected by CVE-2023-46674 via org.elasticsearch:elasticsearch-hadoop (>=8.10.4 <=8.4.2)
org.elasticsearch:elasticsearch-hadoop MAVEN version =8.10.4, =3.9, =3.9, =3.9, =3.12 Source cves: CVE-2023-46674 Source advisory: OSV:GHSA-RV74-M283-5J95...
CVE-2023-46674 Elasticsearch-hadoop Unsafe Deserialization
An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue...
Elasticsearch-hadoop 7.17.11 / 8.9.0 Security Update (ESA-2023-28)
Elasticsearch-hadoop Unsafe Deserialization ESA-2023-28 An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon W...
Elasticsearch-hadoop Code Issue Vulnerability
Elasticsearch is a search engine based on the Lucene library. A security vulnerability exists in Elasticsearch-hadoop that stems from a deserialization vulnerability in java objects in hadoop or spark configuration properties. Affected products and versions: Elasticsearch-hadoop versions prior to...