Cloudera Manager@5.3.0 Security Vulnerabilities and Issues — Cloudera Manager@5.3.0 CVE List

Lucene search

ClouderaCloudera Manager5.3.0

3 matches found

CVE•added 2017/03/23 8:59 p.m.•61 views

CVE-2015-4078

Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).

3.5CVSS4.6AI score0.94196EPSS

CVE•added 2017/03/23 8:59 p.m.•40 views

CVE-2015-2263

Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrat...

3.3CVSS3.7AI score0.00036EPSS

CVE•added 2015/02/10 7:59 p.m.•36 views

CVE-2014-8733

Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password in plaintext in unspecified world-readable files under /etc/hadoop, which allows local users to obtain this password.

2.1CVSS6.6AI score0.00056EPSS