IBM Security Bulletin: Vulnerability in dependent component distributed in IBM Development Package for Apache Spark (CVE-2015-1832)

Apache Derby versions up to 10.12.1.1 may be susceptible to an XML external entity (XXE) attack. When Apache Hadoop data sources are used with Apache Spark, the Hive metastore, where one is created, requires Derby. Apache Derby is therefore included in the IBM Development Package for Apache Spark.

CVE(s): CVE-2015-1832

Affected product(s) and affected version(s):

IBM Development Package for Apache Spark 1.6.2.0 and earlier releases.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2bVm6NW
X-Force Database: http://ift.tt/2bWzdnb



From the IBM Product Security Incident Response Team: http://ift.tt/2bVj1he