CEWL let you know 8.5 months before CISA - on March 7, 2023, CISA identified that Apache Spark UI has been hit by threat actors under CVE-2022-33891. We added it to CEWL on July 19, 2022.
CVE-2022-22891 offered the possibility to enable ACLs via a configuration option, ultimately allowing someone to perform impersonation by providing an arbitrary user name.
Wish you could have known before it happened? Stay ahead of threat actors by scheduling your demo today:https://calendly.com/ctci-inc/ctci-cewl-demo-1-hour