3 matches found
CVE-2016-4949
CVE-2016-4949 affects Cloudera Manager 5.5 and earlier. A remote attacker could obtain sensitive information by manipulating the filename parameter in the logs endpoint /cmf/process//logs, supplying either “stderr.log” or “stdout.log”. The underlying issue is an information disclosure in the proc...
CVE-2016-4950
CVE-2016-4950 affects Cloudera Manager 5.5 and earlier. A remote attacker could enumerate user sessions by calling /api/v11/users/sessions, exposing active sessions information. Public descriptions confirm the issue is an access-control flaw in the sessions API. The IBM security bulletin maps CVS...
CVE-2016-4948
CVE-2016-4948 concerns multiple cross-site scripting (XSS) flaws in Cloudera Manager 5.5 and earlier. An attacker could inject arbitrary scripts via user-supplied input in (1) Template Name when renaming a template, (2) KDC Server host, (3) Kerberos Security Realm, (4) Kerberos Encryption Types, ...