Severity
High
Analysis Summary
CVE-2021-25642
Apache Hadoop could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw when ZKConfigurationStore is used. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands as YARN user on the system.
Impact
- Command Execution
Indicators Of Compromise
CVE
- CVE-2021-25642
Affected Vendors
Apache
Affected Products
- Apache Hadoop 3.0.0-alpha
- Apache Hadoop 2.9.0
- Apache Hadoop 2.10.1
- Apache Hadoop 3.3.0
- Apache Hadoop 3.2.3
- Apache Hadoop 3.3.3
Remediation
Upgrade to the latest version of Apache Hadoop, available from the Apache Website.