The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid username.
9.8CVSS
9.5AI Score
0.003EPSS
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '' wildcard character - like my test, test*.txt. This can result in unintended behavior.
9.8CVSS
9.3AI Score
0.001EPSS