History: Jul 18, 2020 - 11:29 p.m.

Security Bulletin: Security vulnerabilities have been identified in Open Source Apache Hadoop that are dependencies for IBM InfoSphere BigInsights (IBM Open Platform with Apache Hadoop) CVE-2017-3161, CVE-2017-3162

2020-07-18 23:29:35
www.ibm.com
EPSS: 0.003 (Low), Percentile: 70.7%

Summary

Security vulnerabilities have been identified in open source Apache Hadoop, which is a dependency of IBM InfoSphere BigInsights (IBM Open Platform with Apache Hadoop): CVE-2017-3161, CVE-2017-3162.

Vulnerability Details

CVE-ID: CVE-2017-3161
Description: Apache Hadoop is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the HDFS web UI. A remote attacker could exploit this vulnerability using the unescaped query parameter in a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125387 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVE-ID: CVE-2017-3162
Description: Apache Hadoop could allow a remote attacker to bypass security restrictions, caused by the interaction between HDFS clients and a servlet on the DataNode to browse the HDFS namespace. An attacker could exploit this vulnerability to bypass security restrictions.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125388 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Principal Product and Version(s) | Affected Supporting Product and Version
---|---
IBM InfoSphere BigInsights 4.0, 4.1 | IBM Open Platform 4.0, 4.1

Workarounds and Mitigations

Install IBM Open Platform with Apache Spark and Apache Hadoop 4.2

Download site:
http://www.ibm.com/analytics/us/en/technology/hadoop/hadoop-trials.html

For installation instructions on how to install the IBM Open Platform with Apache Spark and Apache Hadoop, see Installing IBM Open Platform.
