Impala Security Vulnerabilities


CVE-2021-28131

Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the.....

CVSS: 7.5 | AI Score: 7.7 | EPSS: 0.002

2021-07-22 10:15 AM

CVE-2019-10084

In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. Session and query IDs are unique and....

CVSS: 7.5 | AI Score: 7.6 | EPSS: 0.001

2019-11-05 08:15 PM

CVE-2018-11792

In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which will automatically grant that user with...

CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.001

2018-10-24 08:29 PM

CVE-2018-11785

Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a...

CVSS: 6.5 | AI Score: 6.3 | EPSS: 0.001

2018-10-24 08:29 PM

CVE-2017-9792

In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and...

CVSS: 6.5 | AI Score: 6.5 | EPSS: 0.001

2017-10-04 01:29 AM

CVE-2017-5652

During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure...

CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.001

2017-07-10 08:29 PM

CVE-2017-5640

It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). If the malicious server responds with 'COMPLETE' before the SASL handshake has...

CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.002

2017-07-10 08:29 PM