CVE-2021-29215

A potential security vulnerability in HPE Ezmeral Data Fabric that may allow a remote access restriction bypass in the TEZ MapR ecosystem component was discovered in version(s): Prior to Tez-0.8: mapr-tez-0.8.201907081100-1.noarch; prior to Tez-0.9: mapr-tez-0.9.201907090334-1.noarch; prior to Tez-0.9.2: mapr-tez-0.9.2.0.201907081043-1.noarch. HPE has provided software updates to resolve the vulnerability in the TEZ MapR ecosystem component in HPE Ezmeral Data Fabric.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
hpeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
VendorProductVersion
hpetez
0.8 ≤
𝑥
≤ 0.8.201907081100-1.noarch
hpetez
0.9 ≤
𝑥
< 0.9.201907090334-1.noarch
hpetez
0.9.2 ≤
𝑥
≤ 0.9.2.0.201907081043-1.noarch
𝑥
= Vulnerable software versions
References
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbez04196en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbez04196en_us