Vulnerabilities > Cloudera > CDH > 5.5.1

DATE CVE VULNERABILITY TITLE RISK
2019-11-26 CVE-2018-17860 Incorrect Default Permissions vulnerability in Cloudera CDH
Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1.
network
low complexity
cloudera CWE-276
7.2
7.2
2019-11-26 CVE-2016-6353 Incorrect Authorization vulnerability in Cloudera CDH
Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.
network
low complexity
cloudera CWE-863
6.5
6.5
2019-11-26 CVE-2016-5724 Information Exposure vulnerability in Cloudera CDH
Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.
network
low complexity
cloudera CWE-200
7.5
7.5
2019-11-26 CVE-2016-4572 Incorrect Authorization vulnerability in Cloudera CDH
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.
network
low complexity
cloudera CWE-863
8.8
8.8
2019-11-26 CVE-2016-3131 Incorrect Authorization vulnerability in Cloudera CDH
Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.
network
low complexity
cloudera CWE-863
6.5
6.5
2019-07-03 CVE-2017-9325 Improper Authorization vulnerability in Cloudera CDH
The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs.
network
low complexity
cloudera CWE-285
7.5
7.5
2017-04-10 CVE-2016-6605 Improper Access Control vulnerability in Cloudera CDH
Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization.
network
low complexity
cloudera CWE-284
7.5
7.5