Rewterz Threat Alert – UPAS Malware – Active IOCs
July 19, 2022Rewterz Threat Advisory – CVE-2022-33891 – Apache Spark Vulnerability
July 20, 2022Rewterz Threat Alert – UPAS Malware – Active IOCs
July 19, 2022Rewterz Threat Advisory – CVE-2022-33891 – Apache Spark Vulnerability
July 20, 2022Severity
High
Analysis Summary
CVE-2021-34538
Apache Hive could allow a remote attacker to bypass security restrictions, caused by improper authorization validation by the CREATE and DROP function operations. By sending a specially-crafted request, an attacker could exploit this vulnerability to drop and recreate UDFs and pointing them to malicious jars.
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2021-34538
Affected Vendors
Apache
Affected Products
Apache Hive 3.1.2
Remediation
Upgrade to the latest version of Apache Hive, available from the Apache Web site.