Security Bulletin: Common Vulnerabilities Addressed in Cloudera Data Platform Private Cloud Base with IBM 7.3.1

Summary Security Bulletin: Common Vulnerabilities Addressed in Cloudera Data Platform Private Cloud Base with IBM 7.3.1 Vulnerability Details CVEID:CVE-2024-50379 DESCRIPTION: Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on...

Security Bulletin: protobuf-java - CVE-2021-44716 addressed in Cloudera Data Platform Private Cloud Base 7.1.9

Summary Security Bulletin: protobuf-java - CVE-2021-44716 addressed in Cloudera Data Platform Private Cloud Base 7.1.9. Vulnerability Details CVEID:CVE-2021-44716 DESCRIPTION: net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header...

Security Bulletin: CVE-2022-3510 fixed in Cloudera Data Platform Private Cloud Base 7.1.7 SP3

Summary Security Bulletin: CVE-2022-3510 fixed in Cloudera Data Platform Private Cloud Base 7.1.7 SP3 Vulnerability Details CVEID:CVE-2022-3510 DESCRIPTION: A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3,...

Security Bulletin: Common Vulnerabilities found in Cloudera Data Platform Private Cloud base with IBM

Summary Common Vulnerabilities found in Cloudera Data Platform Private Cloud base with IBM v7.1.9. Upgrade to the latest service pack and hotfix to ensure fixes to the addressed vulnerabilities are obtained. Vulnerability Details CVEID:CVE-2020-9493 DESCRIPTION: A deserialization flaw was found i...

Security Bulletin: Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.7 SP2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.7 SP2 are available to download from Cloudera and IBM. Vulnerability Details CVEID:CVE-2017-7657 DESCRIPTION: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked...

Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform Private Cloud Base 7.1.9 SP1

Summary Common vulnerabilities fixed in Cloudera Data Platform Private Cloud Base 7.1.9 SP1 Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker coul...

Security Bulletin: Multiple Vulnerabilities discovered in Cloudera Data Platform Private Cloud Base with IBM 7.1.7 SP2

Summary Multiple Vulnerabilities discovered in Cloudera Data Platform Private Cloud Base with IBM 7.1.7 SP2 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- Cloudera Data Platform Priva...

Security Bulletin: Common vulnerabilities addressed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2017-15718 DESCRIPTION: Apache Hadoop could allow a remote attacker to obtain sensitive information, caused by a flaw in the YARN NodeManager...

Security Bulletin: Common Vulnerabilities in Cloudera Data Platform Private Cloud Base 7.1.9.

Summary Common vulnerabilities reported in Cloudera Data Platform Private Cloud Base 7.1.9 have been addressed, and are available in Hotfix 2. Vulnerability Details CVEID:CVE-2015-1772 DESCRIPTION: Apache Hive could allow a remote attacker to bypass security restrictions, caused by an error in th...

Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2021-28170 DESCRIPTION: Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions, caused by a...

Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2023-41080 DESCRIPTION: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in...

Security Bulletin: Cloudera Data Platform Private Cloud Base with IBM products have log messages vulnerable to arbitrary code execution, denial of service, remote code execution, and SQL injection due to Apache Log4j vulnerabilities

Summary Cloudera Data Platform Private Cloud Base with IBM products are affected by multiple Apache Log4j 1.x, 2.x vulnerabilities. Log messages are vulnerable to arbitrary code execution CVE-2022-23302, CVE-2021-44832, denial of service CVE-2021-45105, default file permissions CVE-2022-21704,...

Security Bulletin: Data masking rules are not enforced when CREATE TABLE AS SELECT statement is executed in IBM Big SQL

Summary A software defect in IBM Big SQL prevents data masking rules to be enforced when a user executes CREATE TABLE AS SELECT … WITH DATA statement. The newly created table contains unmasked data. Vulnerability Details CVEID:CVE-2022-22353 DESCRIPTION: IBM Big SQL could allow an authenticated...