Vulnerabilities > CVE-2018-11785 - Missing Authorization vulnerability in Apache Impala

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
apache
CWE-862
NVD
Published: 2018-10-24
Updated: 2023-11-07

Summary

Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query.

Vulnerable Configurations

Part Description Count
Application
Apache
23

Common Weakness Enumeration (CWE)

References