Vulnerabilities > Apache > Impala > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-22 | CVE-2021-28131 | Information Exposure Through Log Files vulnerability in Apache Impala Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. | 7.5 |
| 2019-11-05 | CVE-2019-10084 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Impala In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. | 7.5 |
| 2017-07-10 | CVE-2017-5652 | Cleartext Transmission of Sensitive Information vulnerability in Apache Impala 2.7.0/2.8.0 During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. | 7.5 |