3 matches found
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Hadoop (CVE-2021-25642)
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Hadoop. Vulnerability Details CVEID:CVE-2021-25642 DESCRIPTION: Apache Hadoop could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw when...
CVE-2021-25642
ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2,...
CVE-2021-25642 Apache Hadoop YARN remote code execution in ZKConfigurationStore of capacity scheduler
ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2,...