Lucene search
+L

8 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/10/11 2:19 p.m.47 views

Security Bulletin: IBM Operations Analytics Predictive Insights v1.3.6 ifix7 contains fixes for multiple security vulnerabilities.

Summary IBM Operations Analytics Predictive Insights v1.3.6 ifix7 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-32007 DESCRIPTION: Apache Spark could allow a remote authenticated attacker to execute arbitrary commands on the...

9.9CVSS8.9AI score0.75792EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/10/04 12:0 a.m.25 views

Apache Spark < 3.4.0 Privilege Escalation (CVE-2023-22946)

In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...

9.9CVSS8.2AI score0.01109EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/18 2:4 p.m.40 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Apache Spark privilege escalation vulnerabilitiy [ CVE-2023-22946]

Summary Potential Apache Spark privilege escalation vulnerabilitiy have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. CVE-2023-22946 Vulnerability Details CVEID:CVE-2023-22946...

9.9CVSS8.6AI score0.01109EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 10:3 p.m.20 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Spark

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache Spark. Vulnerability Details CVEID:CVE-2023-22946 DESCRIPTION: Apache Spark could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw when using...

9.9CVSS8.3AI score0.01109EPSS
Exploits0Affected Software1
Circl
Circl
added 2023/04/17 12:28 p.m.8 views

CVE-2023-22946

creationtimestamp| type| source ---|---|--- 2023-04-17 12:28:12+00:00| seen| https://t.me/cibsecurity/62264...

9.9CVSS8.5AI score0.01109EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2023/04/17 8:15 a.m.10 views

abi-ds-utils (>=0.1.2 <=1.2.3), abi-pyspark-utils (>=0.1.1 <=0.1.4) +215 more potentially affected by CVE-2023-22946 via pyspark (>=2.1.2 <=3.3.4)

pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.1.5, =0.0.1, =0.2.0, =0.0.2, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =2.5.0b20240324 - bigdl-chronos =2.0.0 - bigdl-chronos-spark2 =2.0.0 and more Source cves: CVE-2023-22946 Source advisory: OSV:PYSEC-2023-44...

9.9CVSS7.7AI score0.01109EPSS
Exploits0
CVE
CVE
added 2023/04/17 7:30 a.m.103 views

CVE-2023-22946

CVE-2023-22946 affects Apache Spark prior to 3.4.0. An attacker can abuse a proxy-user configuration by placing malicious configuration classes on the classpath, enabling code execution with the privileges of the submitting user (e.g., in environments using Livy). The vulnerability arises when sp...

9.9CVSS8AI score0.01109EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/17 7:30 a.m.17 views

CVE-2023-22946 Apache Spark proxy-user privilege escalation from malicious configuration class

In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...

6.4CVSS7.1AI score0.01109EPSS
Exploits0References1
Rows per page
Query Builder