https://community.splunk.com/t5/Security/Is-Splunk-Enterprise-vulnerable-CVE-2022-33891-and-CVE-2021/m-p/608354#M16265 <P>One of our client recently performed a vulnerability scan on Splunk Enterprise 8.2.7 and they were found as vulnerable for Apache Spark package and Apache hive package :</P><P>bin\jars\vendors\spark\3.0.1\lib\spark-core_2.12-3.0.1.jar&nbsp;</P><P>and&nbsp;</P><P>\bin\jars\thirdparty\hive_3_1\hive-exec-3.1.2.jar</P><P>I see version 9.0 uses patched version of hive i.e 3.1.3 and does not use spark</P><P>Did anyone else found this ??</P><P>&nbsp;</P> Thu, 04 Aug 2022 21:10:21 GMT lskaariwala 2022-08-04T21:10:21Z https://community.splunk.com/t5/Security/Is-Splunk-Enterprise-vulnerable-CVE-2022-33891-and-CVE-2021/m-p/608354#M16265 <P>One of our client recently performed a vulnerability scan on Splunk Enterprise 8.2.7 and they were found as vulnerable for Apache Spark package and Apache hive package :</P><P>bin\jars\vendors\spark\3.0.1\lib\spark-core_2.12-3.0.1.jar&nbsp;</P><P>and&nbsp;</P><P>\bin\jars\thirdparty\hive_3_1\hive-exec-3.1.2.jar</P><P>I see version 9.0 uses patched version of hive i.e 3.1.3 and does not use spark</P><P>Did anyone else found this ??</P><P>&nbsp;</P> Thu, 04 Aug 2022 21:10:21 GMT https://community.splunk.com/t5/Security/Is-Splunk-Enterprise-vulnerable-CVE-2022-33891-and-CVE-2021/m-p/608354#M16265 lskaariwala 2022-08-04T21:10:21Z