Vulnerabilities > Cloudera > Cloudera Manager > 3.7.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-26 | CVE-2015-4457 | Cross-site Scripting vulnerability in Cloudera Manager Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors. | 3.5 |
2019-11-26 | CVE-2015-6495 | Information Exposure vulnerability in Cloudera Manager There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles. | 5.0 |
2019-07-11 | CVE-2018-11744 | Improper Access Control vulnerability in Cloudera Manager Cloudera Manager through 5.15 has Incorrect Access Control. | 6.8 |
2019-06-07 | CVE-2018-5798 | Cross-site Scripting vulnerability in Cloudera Manager This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager. | 4.3 |
2019-05-24 | CVE-2018-10815 | Information Exposure vulnerability in Cloudera Manager An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. | 4.0 |
2014-06-10 | CVE-2014-0220 | Information Exposure vulnerability in Cloudera Manager Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authenticated users to obtain sensitive configuration information via the API. | 4.0 |
2012-04-12 | CVE-2012-2230 | Cryptographic Issues vulnerability in Cloudera products Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors, a different vulnerability than CVE-2012-1574. | 6.5 |