Vulnerabilities > Cloudera > Cloudera Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-11 | CVE-2018-11744 | Improper Access Control vulnerability in Cloudera Manager Cloudera Manager through 5.15 has Incorrect Access Control. | 6.8 |
| 2019-07-03 | CVE-2017-9327 | Permission Issues vulnerability in Cloudera Manager 5.10.1/5.11.0/5.9.2 Secret data of processes managed by CM is not secured by file permissions. | 4.0 |
| 2019-07-03 | CVE-2017-9326 | Credentials Management vulnerability in Cloudera Manager 5.11.0 The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. | 3.5 |
| 2019-06-20 | CVE-2018-15913 | Cross-site Scripting vulnerability in Cloudera Manager An issue was discovered in Cloudera Manager 5.x through 5.15.0. | 4.3 |
| 2019-06-07 | CVE-2018-6185 | Cryptographic Issues vulnerability in Cloudera Manager and Navigator KEY Trustee KMS In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. | 5.5 |
| 2019-06-07 | CVE-2018-5798 | Cross-site Scripting vulnerability in Cloudera Manager This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager. | 4.3 |
| 2019-05-24 | CVE-2018-10815 | Information Exposure vulnerability in Cloudera Manager An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. | 4.0 |
| 2017-03-23 | CVE-2015-4078 | Information Exposure vulnerability in Cloudera Manager and Navigator Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). | 3.5 |
| 2017-03-23 | CVE-2015-2263 | Permissions, Privileges, and Access Controls vulnerability in Cloudera Manager Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process. | 2.1 |
| 2015-02-10 | CVE-2014-8733 | Information Exposure vulnerability in Cloudera Manager 5.2.0/5.2.1/5.3.0 Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password in plaintext in unspecified world-readable files under /etc/hadoop, which allows local users to obtain this password. | 2.1 |