Cloudera Manager Security Vulnerabilities and Issues — Cloudera Manager CVE List

Lucene search

ClouderaCloudera Manager

5 matches found

CVE•added 2019/06/07 3:29 p.m.•51 views

CVE-2018-6185

In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for the...

5.5CVSS5.3AI score0.00117EPSS

CVE•added 2019/11/26 4:15 p.m.•33 views

CVE-2016-9271

Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature.

5.4CVSS5.2AI score0.00343EPSS

CVE•added 2019/11/26 5:15 p.m.•31 views

CVE-2019-14449

An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting (XSS) when viewed within this product.

5.4CVSS5.3AI score0.00343EPSS

CVE•added 2021/11/08 2:15 p.m.•30 views

CVE-2021-32483

Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard.

5.3CVSS5.2AI score0.00206EPSS

CVE•added 2019/11/26 3:15 p.m.•28 views

CVE-2015-4457

Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors.

5.4CVSS5.1AI score0.00187EPSS