CVE-2021-29215 (GCVE-0-2021-29215)
Vulnerability from cvelistv5 – Published: 2022-01-18 16:52 – Updated: 2024-08-03 22:02
VLAI
Summary
A potential security vulnerability in HPE Ezmeral Data Fabric that may allow a remote access restriction bypass in the TEZ MapR ecosystem component was discovered in version(s): Prior to Tez-0.8: mapr-tez-0.8.201907081100-1.noarch; prior to Tez-0.9: mapr-tez-0.9.201907090334-1.noarch; prior to Tez-0.9.2: mapr-tez-0.9.2.0.201907081043-1.noarch. HPE has provided software updates to resolve the vulnerability in the TEZ MapR ecosystem component in HPE Ezmeral Data Fabric.
Severity
9.8 (Critical)
CWE
- remote access restriction bypass
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | HPE Ezmeral Data Fabric |
Affected:
Prior to Tez-0.8: mapr-tez-0.8.201907081100-1.noarch Tez-0.9: mapr-tez-0.9.201907090334-1.noarch Tez-0.9.2: mapr-tez-0.9.2.0.201907081043-1.noarch
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbez04196en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HPE Ezmeral Data Fabric",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to Tez-0.8: mapr-tez-0.8.201907081100-1.noarch Tez-0.9: mapr-tez-0.9.201907090334-1.noarch Tez-0.9.2: mapr-tez-0.9.2.0.201907081043-1.noarch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential security vulnerability in HPE Ezmeral Data Fabric that may allow a remote access restriction bypass in the TEZ MapR ecosystem component was discovered in version(s): Prior to Tez-0.8: mapr-tez-0.8.201907081100-1.noarch; prior to Tez-0.9: mapr-tez-0.9.201907090334-1.noarch; prior to Tez-0.9.2: mapr-tez-0.9.2.0.201907081043-1.noarch. HPE has provided software updates to resolve the vulnerability in the TEZ MapR ecosystem component in HPE Ezmeral Data Fabric."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote access restriction bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-18T16:52:33.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbez04196en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Ezmeral Data Fabric",
"version": {
"version_data": [
{
"version_value": "Prior to Tez-0.8: mapr-tez-0.8.201907081100-1.noarch Tez-0.9: mapr-tez-0.9.201907090334-1.noarch Tez-0.9.2: mapr-tez-0.9.2.0.201907081043-1.noarch"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential security vulnerability in HPE Ezmeral Data Fabric that may allow a remote access restriction bypass in the TEZ MapR ecosystem component was discovered in version(s): Prior to Tez-0.8: mapr-tez-0.8.201907081100-1.noarch; prior to Tez-0.9: mapr-tez-0.9.201907090334-1.noarch; prior to Tez-0.9.2: mapr-tez-0.9.2.0.201907081043-1.noarch. HPE has provided software updates to resolve the vulnerability in the TEZ MapR ecosystem component in HPE Ezmeral Data Fabric."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote access restriction bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbez04196en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbez04196en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29215",
"datePublished": "2022-01-18T16:52:33.000Z",
"dateReserved": "2021-03-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:51.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-29215",
"date": "2026-06-29",
"epss": "0.0116",
"percentile": "0.6317"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-29215\",\"sourceIdentifier\":\"security-alert@hpe.com\",\"published\":\"2022-01-18T17:15:08.267\",\"lastModified\":\"2024-11-21T06:00:50.547\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A potential security vulnerability in HPE Ezmeral Data Fabric that may allow a remote access restriction bypass in the TEZ MapR ecosystem component was discovered in version(s): Prior to Tez-0.8: mapr-tez-0.8.201907081100-1.noarch; prior to Tez-0.9: mapr-tez-0.9.201907090334-1.noarch; prior to Tez-0.9.2: mapr-tez-0.9.2.0.201907081043-1.noarch. HPE has provided software updates to resolve the vulnerability in the TEZ MapR ecosystem component in HPE Ezmeral Data Fabric.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado una posible vulnerabilidad de seguridad en HPE Ezmeral Data Fabric que puede permitir una omisi\u00f3n de restricci\u00f3n de acceso remoto en el componente del ecosistema TEZ MapR en las versiones Anteriores a Tez-0.8: mapr-tez-0.8.201907081100-1.noarch; anteriores a Tez-0.9: mapr-tez-0.9.201907090334-1.noarch; anteriores a Tez-0.9.2: mapr-tez-0.9.2.0.201907081043-1.noarch. HPE ha proporcionado actualizaciones de software para resolver la vulnerabilidad en el componente del ecosistema TEZ MapR en HPE Ezmeral Data Fabric\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hpe:tez:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.8\",\"versionEndIncluding\":\"0.8.201907081100-1.noarch\",\"matchCriteriaId\":\"4FBA9289-6DB0-4AF4-AD39-AB3762607474\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hpe:tez:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.9\",\"versionEndExcluding\":\"0.9.201907090334-1.noarch\",\"matchCriteriaId\":\"7F7DF1E5-8DEB-454F-A00F-DE0AEE3D884D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hpe:tez:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.9.2\",\"versionEndIncluding\":\"0.9.2.0.201907081043-1.noarch\",\"matchCriteriaId\":\"BFFC8A68-7DCB-4F73-A158-543CE9AB6ECF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:hpe:ezmeral_data_fabric:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5BCF94C-4525-43AB-AFE1-8840F8C21A6F\"}]}]}],\"references\":[{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbez04196en_us\",\"source\":\"security-alert@hpe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbez04196en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…