HPE Ezmeral Data Fabric  6.2 Documentation
Security Vulnerabilities

This section describes potential security vulnerabilities in HPE Ezmeral Data Fabric software. Where necessary, appropriate workarounds are provided.

On the Support Portal, you can sign up to receive proactive notices about vulnerabilities. See MapR Support Portal: How do I sign-up for proactive email advisories on critical issues?

  • Web Browser Security Issues
    This section describes security issues with web browsers.
  • FUSE Clients do not Honor Impersonation Constraints in servicewithimpersonation Tickets
  • Zeppelin Authentication: Passwords in Shiro are overwritten
  • Spark Vulnerability with the toCommentSafeString Method
  • MapR Installer MySQL Credentials
  • Web Application Potentially Vulnerable to Clickjacking
  • Zeppelin Authentication: Passwords in Shiro are overwritten
  • CVE-2020-13379: SSRF Incorrect access control vulnerability
  • CVE-2018-8029: Apache Hadoop Privilege escalation vulnerability
  • CVE-2018-11760: PySpark local user can connect to Spark application and impersonate another user running the Spark application
  • CVE-2018-8009: Apache Hadoop distributed cache archive vulnerability
  • CVE-2018-15804: MapR Ticket Credentials can become compromised
  • CVE-2018-1334: Apache Spark local privilege escalation vulnerability
  • CVE-2018-8012: Apache ZooKeeper Quorum does not provide peer mutual authentication
  • CVE-2018-1320: Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation
  • CVE-2017-15712: Oozie vulnerability exposes private files on server
  • CVE-2017-12197: Drill is vulnerable to this security threat
  • CVE-2017-5754: Meltdown and CVE-2017-5753 & CVE-2017-5715: Spectre impact to MapR
  • CVE-2016-7015: FasterXML Jackson SSRF Security Bypass
  • CVE-2016-5393: (No MapR Impact) Privilege Escalation Vulnerability in Apache Hadoop
  • CVE-2016-4946: Cross-Site Scripting (XSS) Vulnerability for Hue
  • CVE-2015-7521: Authorization Vulnerability for Hive Partition-Level Operations
  • CVE-2014-0114: Advisory will trigger emails overnight on 10/29 after 10 p.m. PST.C
  • CVE-2013-0450, CVE-2013-0431: Java JMX server insecure configuration remote code-execution vulnerability
(Topic last modified: 2020-11-04)
©Copyright 2021 Hewlett Packard Enterprise Development LP