IBM Development Package for Apache Spark addresses the following vulnerability. The vulnerability is a potential cross-site scripting (XSS) attack on a Web UI client; server-side analytical processing by Apache Spark is not affected and data is not compromised.
CVE(s): CVE-2017-7678
Affected product(s) and affected version(s):
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2uz4HEs
X-Force Database: http://ift.tt/2ui5QoF
The post IBM Security Bulletin: IBM Development Package for Apache Spark might create a remote exploitation vector against old Internet Explorer browsers through XSS appeared first on IBM PSIRT Blog.
| Affected IBM Development Package for Apache Spark | Affected Versions |
| IBM Development Package for Apache Spark, v1.x | All versions |
| IBM Development Package for Apache Spark, v2.x | Version 2.0.0.0 – 2.1.1.0 |
from IBM Product Security Incident Response Team http://ift.tt/2uza7iN
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.