9.8CVSS
9.4AI Score
0.002EPSS
Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted...
5.3CVSS
5.2AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
6.1CVSS
6.2AI Score
0.001EPSS
An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting (XSS) when viewed within this...
5.4CVSS
6.5AI Score
0.001EPSS
Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search...
5.4CVSS
6.5AI Score
0.001EPSS
Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those...
8.8CVSS
7.3AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified...
5.4CVSS
5.9AI Score
0.001EPSS
6.5CVSS
7.4AI Score
0.001EPSS
There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support...
7.5CVSS
7.4AI Score
0.002EPSS
8.1CVSS
9.4AI Score
0.003EPSS
6.5CVSS
7.4AI Score
0.001EPSS
The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. The keystore file itself is not...
7.5CVSS
7.5AI Score
0.001EPSS
An issue was discovered in Cloudera Manager 5.x through 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter to redirect the user to another page in Cloudera Manager once a wizard is completed. The validity of this parameter was not checked. As a result, the user could be...
6.1CVSS
8.8AI Score
0.001EPSS
This CVE relates to an unspecified cross site scripting vulnerability in Cloudera...
6.1CVSS
6.6AI Score
0.001EPSS
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for...
4.9CVSS
7.7AI Score
0.001EPSS
An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster...
6.5CVSS
7.2AI Score
0.001EPSS
Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as...
3.3CVSS
6.5AI Score
0.0004EPSS
Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka...
3.1CVSS
4.5AI Score
0.001EPSS
Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password in plaintext in unspecified world-readable files under /etc/hadoop, which allows local users to obtain this...
7.2AI Score
0.0004EPSS
Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authenticated users to obtain sensitive configuration information via the...
5.9AI Score
0.002EPSS
Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors, a different vulnerability than...
6.4AI Score
0.002EPSS