Vulnerabilities > Apache > Storm > 0.10.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-26 | CVE-2019-0202 | Information Exposure Through Log Files vulnerability in Apache Storm The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. | 7.5 |
| 2018-07-10 | CVE-2018-1331 | Unspecified vulnerability in Apache Storm In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user. | 8.8 |
| 2018-06-05 | CVE-2018-8008 | Path Traversal vulnerability in Apache Storm Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. | 5.5 |
| 2018-06-05 | CVE-2018-1332 | Information Exposure vulnerability in Apache Storm Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons. | 6.5 |