Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs
September 2, 2021Rewterz Threat Advisory – CVE-2021-34733 – Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Security Vulnerability
September 3, 2021Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs
September 2, 2021Rewterz Threat Advisory – CVE-2021-34733 – Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Security Vulnerability
September 3, 2021Severity
High
Analysis Summary
CVE-2021-27578
Apache Zeppelin is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the markdown interpreter. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2020-13929
Apache Zeppelin could allow a remote attacker to bypass security restrictions, caused by a notebook permissions bypass flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass authentication mechanism to act as another user.
CVE-2019-10095
Apache Zeppelin could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a bash command injection flaw. By sending a specially-crafted input to the Spark interpreter settings, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
Impact
- Cross-Site Scripting
- Security Bypass
- Unauthorized Access
- Credential Theft
Affected Vendors
Apache
Affected Products
- Apache Zeppelin 0.8.2
- Apache Zeppelin 0.9.0
Remediation
Upgrade to the latest version of Apache Zeppelin, available from the Apache Web site.