SB2022072206 - Information disclosure in IBM Cloud Pak for Multicloud Management Monitoring
Published: July 22, 2022
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2017-15713)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
A vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host.
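To triage an inventory against the affected ranges listed above, the following Python maps a Hadoop version string onto them. It is an added example, not code from this bulletin, IBM or Apache; the function names, hostnames and sample versions are assumptions. Builds with a vendor or SNAPSHOT suffix are flagged for manual review, because the upstream number alone does not show whether a fix was backported.

```python
import re

# Accepts "2.7.3", "3.0.0-alpha4", or the first line of `hadoop version` ("Hadoop 2.7.3").
_VERSION_RE = re.compile(
    r"^(?:Hadoop\s+)?(\d+)\.(\d+)(?:\.(\d+))?(?:-([A-Za-z]+)(\d*))?(.*)$"
)

def classify(version_text):
    """Map a Hadoop version string onto the ranges this bulletin lists.

    Returns "affected", "not listed" (outside the listed ranges) or
    "review" (unparseable, or carrying a suffix such as a vendor build tag).
    """
    m = _VERSION_RE.match(version_text.strip())
    if not m:
        return "review"
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    tag = m[4].lower() if m[4] else None
    tag_num = int(m[5]) if m[5] else 0
    if tag not in (None, "alpha", "beta") or m[6]:
        return "review"
    if (major, minor) == (0, 23):                 # 0.23.x
        return "affected"
    if major == 2:
        if minor == 8:                            # 2.8.x before 2.8.3
            return "affected" if patch < 3 else "not listed"
        # 2.x before 2.7.5 (tuple compare keeps 2.9.x and 2.10.x out)
        return "affected" if (minor, patch) < (7, 5) else "not listed"
    if (major, minor, patch) == (3, 0, 0) and tag:  # 3.0.0-alpha .. 3.0.0-beta1
        if tag == "alpha" or tag_num <= 1:
            return "affected"
    return "not listed"

# Constructed inventory: hostnames and versions are made up for this example.
INVENTORY = {
    "jhs-01": "Hadoop 2.7.3",
    "jhs-02": "2.8.3",
    "jhs-03": "3.0.0-beta1",
    "jhs-04": "2.6.0-cdh5.13.0",
}

def triage(inventory):
    """Return {host: verdict} for every entry in the inventory."""
    return {host: classify(version) for host, version in inventory.items()}

if __name__ == "__main__":
    for host, verdict in triage(INVENTORY).items():
        print(f"{host}: {INVENTORY[host]} -> {verdict}")
```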
Remediation
Install update from vendor's website.
References
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-multicloud-management-monitoring-is-vulnerable-to-information-disclosure-due-to-its-use-of-apache-hadoop-cve-2017-15713/
- https://www.ibm.com/support/pages/node/6606309