Lucene search

[email protected]CVE-2015-3186

HistoryNov 02, 2015 - 7:59 p.m.

CVE-2015-3186

2015-11-0219:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2015

3186

cross-site scripting

xss

apache ambari

nvd

security vulnerability

5.4 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.7%

JSON

Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change.

CPENameOperatorVersion
apache:ambariapache ambarieq2.0.0
apache:ambariapache ambarile2.0.2
apache:ambariapache ambarieq1.7.0
apache:ambariapache ambarieq2.0.1

CPE	Name	Operator	Version
apache:ambari	apache ambari	eq	2.0.0
apache:ambari	apache ambari	le	2.0.2
apache:ambari	apache ambari	eq	1.7.0
apache:ambari	apache ambari	eq	2.0.1

References

www.openwall.com/lists/oss-security/2015/10/13/1

cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities

5.4 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.7%

JSON

Related for CVE-2015-3186

cvelist1 prion1 openvas1