Summary Apache Hadoop has multiple vulnerabilities that can affect IBM watsonx.data. Vulnerability Details ** CVEID: CVE-2022-26612 DESCRIPTION: **Apache Hadoop for Windows could allow a remote attacker to bypass security restrictions, caused by the use of an unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes by the unTar function. By following symbolic links, an attacker could exploit this vulnerability to write arbitrary files on the system. CVSS Base score: 9.8 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223688 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) ** CVEID: CVE-2018-8029 DESCRIPTION: **Apache Hadoop could allow a remote authenticated attacker to gain elevated privileges on the system. An attacker could exploit this vulnerability to run arbitrary commands as root user. CVSS Base score: 8.8 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/161812 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) ** CVEID: CVE-2022-25168 DESCRIPTION: **Apache Hadoop could allow a local authenticated attacker to execute arbitrary commands on the system, caused by improper input file name validation by the FileUtil.unTar(File, File) API. By sending specially-crafted arguments, an attacker could exploit this vulnerability to execute arbitrary commands on the system. CVSS Base score: 7.8 CVSS Temporal Score:…Read More