Lucene search
K

5 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/10/11 2:19 p.m.47 views

Security Bulletin: IBM Operations Analytics Predictive Insights v1.3.6 ifix7 contains fixes for multiple security vulnerabilities.

Summary IBM Operations Analytics Predictive Insights v1.3.6 ifix7 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-32007 DESCRIPTION: Apache Spark could allow a remote authenticated attacker to execute arbitrary commands on the...

9.9CVSS8.9AI score0.75792EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2023/05/02 9:30 a.m.7 views

abi-ds-utils (>=0.1.2 <=0.1.9), abi-pyspark-utils (>=0.1.1 <=0.1.4) +74 more potentially affected by CVE-2022-33891 +1 more via pyspark (>=3.1.1 <=3.2.1)

pyspark PYPI version =3.1.1, =0.1.2, =0.1.1, =0.1.5, =0.0.2, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =0.2.1, =0.42.2 and more Source cves: CVE-2022-33891, CVE-2023-32007 Source advisory: OSV:GHSA-59HW-J9G6-MFG3...

8.8CVSS7.4AI score0.92984EPSS
Exploits12
OSV
OSV
added 2023/05/02 9:15 a.m.38 views

CVE-2023-32007

UNSUPPORTED WHEN ASSIGNED The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in...

8.8CVSS8.9AI score0.92984EPSS
Exploits12References4
CVE
CVE
added 2023/05/02 8:37 a.m.292 views

CVE-2023-32007

CVE-2023-32007 describes a command injection in the Apache Spark UI when ACLs are enabled via spark.acls.enable. A path in HttpSecurityFilter could allow impersonation by supplying an arbitrary username, enabling a permission check to build and execute a Unix shell command as the Spark process us...

8.8CVSS8.9AI score0.75792EPSS
In wildExploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/03/10 12:0 a.m.48 views

Apache Spark <= 3.0.3 / 3.1.1 < 3.1.3 / 3.2.x < 3.2.1 RCE (CVE-2022-33891)

Binary data apachesparkcve-2022-33891.nbin...

8.8CVSS8.9AI score0.92984EPSS
Exploits12References4
Rows per page
Query Builder