CVE-2023-38156

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Sep 12, 2023

Updated: May 29, 2024

CWE ID 20

Summary

CVE-2023-38156 is an elevation of privilege vulnerability affecting Azure HDInsight's Apache Ambari. Hackers can exploit this JDBC injection flaw to gain unauthorized access to sensitive data or even take control of HDInsight clusters. Successful exploitation requires user interaction, such as an administrator running a malicious SQL query. Microsoft advises users to apply the available patch as soon as possible to mitigate the risk. Additionally, it is recommended to implement multi-factor authentication and restrict network access to only trusted sources.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r-Ocj5
https://www.cve.org/CVERecord?id=CVE-2023-38156
https://nvd.nist.gov/vuln/detail/CVE-2023-38156

Back to Vulnerability Database

CVE-2023-38156

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations