5 matches found
Security Bulletin: IBM Operations Analytics Predictive Insights v1.3.6 ifix7 contains fixes for multiple security vulnerabilities.
Summary IBM Operations Analytics Predictive Insights v1.3.6 ifix7 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-32007 DESCRIPTION: Apache Spark could allow a remote authenticated attacker to execute arbitrary commands on the...
abi-ds-utils (>=0.1.2 <=0.1.9), abi-pyspark-utils (>=0.1.1 <=0.1.4) +74 more potentially affected by CVE-2022-33891 +1 more via pyspark (>=3.1.1 <=3.2.1)
pyspark PYPI version =3.1.1, =0.1.2, =0.1.1, =0.1.5, =0.0.2, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =0.2.1, =0.42.2 and more Source cves: CVE-2022-33891, CVE-2023-32007 Source advisory: OSV:GHSA-59HW-J9G6-MFG3...
CVE-2023-32007
UNSUPPORTED WHEN ASSIGNED The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in...
CVE-2023-32007
CVE-2023-32007 describes a command injection in the Apache Spark UI when ACLs are enabled via spark.acls.enable. A path in HttpSecurityFilter could allow impersonation by supplying an arbitrary username, enabling a permission check to build and execute a Unix shell command as the Spark process us...
Apache Spark <= 3.0.3 / 3.1.1 < 3.1.3 / 3.2.x < 3.2.1 RCE (CVE-2022-33891)
Binary data apachesparkcve-2022-33891.nbin...