Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Mar 28, 2023

High
CISA KEV

CVE-2022-33891

ApacheSpark

Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled.

Required Action

https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc; https://nvd.nist.gov/vuln/detail/CVE-2022-33891

Vulnerability Overview

Severity
High
CISA KEV
Yes
Ransomware
Unknown
Published
Mar 7, 2023
KEV Added
Mar 7, 2023
Due Date
Mar 28, 2023
Related Articles
0

Vendor

Apache

Spark