Vulnerabilities > Apache > Ranger
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-13 | CVE-2016-2174 | SQL Injection vulnerability in Apache Ranger 0.5.0/0.5.1/0.5.2 SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime. | 7.2 |
| 2016-04-12 | CVE-2016-0733 | Improper Authentication vulnerability in Apache Ranger 0.4.0/0.4.1/0.5.0 The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid username. | 9.8 |
| 2016-04-12 | CVE-2015-5167 | Permissions, Privileges, and Access Controls vulnerability in Apache Ranger 0.4.0/0.4.1/0.5.0 The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API. | 6.5 |
| 2016-04-11 | CVE-2016-0735 | Permissions, Privileges, and Access Controls vulnerability in Apache Ranger 0.5.0/0.5.1 Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy. | 8.8 |
| 2016-04-11 | CVE-2015-0266 | Permissions, Privileges, and Access Controls vulnerability in Apache Ranger 0.4.0 The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs. | 7.1 |
| 2016-04-11 | CVE-2015-0265 | Cross-site Scripting vulnerability in Apache Ranger 0.4.0 Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header. | 6.1 |