An Apache Hadoop vulnerability could affect InfoSphere Streams. Please see details below.
CVEID:CVE-2020-9492
**DESCRIPTION:**Apache Hadoop could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper validation of SPNEGO authorization header. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to trigger services to send server credentials to a webhdfs path for capturing the service principal.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195656 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
InfoSphere Streams | 4.1.1.x |
InfoSphere Streams | 4.2.1.x |
InfoSphere Streams | 4.3.1.x |
Apply 4.3.1 Fix Pack 5 (4.3.1.5) or higher .
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm streams | eq | 4 |