Vulnerabilities > Apache > Storm > 0.10.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-26 | CVE-2019-0202 | Information Exposure Through Log Files vulnerability in Apache Storm The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. | 7.5 |
| 2018-06-05 | CVE-2018-8008 | Path Traversal vulnerability in Apache Storm Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. | 5.5 |
| 2018-06-05 | CVE-2018-1332 | Information Exposure vulnerability in Apache Storm Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons. | 6.5 |
| 2017-01-13 | CVE-2015-3188 | Permissions, Privileges, and Access Controls vulnerability in Apache Storm 0.10.0 The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors. | 9.8 |