Vulnerabilities > Cloudera > Cloudera Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-11-08 CVE-2021-32483 Unspecified vulnerability in Cloudera Manager 7.2.4
Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard.
network
low complexity
cloudera
5.3
5.3
2021-11-08 CVE-2021-29243 Cross-site Scripting vulnerability in Cloudera Manager
Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS.
network
low complexity
cloudera CWE-79
6.1
6.1
2021-11-08 CVE-2021-32482 Cross-site Scripting vulnerability in Cloudera Manager
Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter.
network
low complexity
cloudera CWE-79
6.1
6.1
2019-11-26 CVE-2019-14449 Cross-site Scripting vulnerability in Cloudera Manager
An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1.
network
low complexity
cloudera CWE-79
5.4
5.4
2019-11-26 CVE-2016-9271 Cross-site Scripting vulnerability in Cloudera Manager
Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature.
network
low complexity
cloudera CWE-79
5.4
5.4
2019-11-26 CVE-2015-4457 Cross-site Scripting vulnerability in Cloudera Manager
Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors.
network
low complexity
cloudera CWE-79
5.4
5.4
2019-11-26 CVE-2016-3192 Cleartext Storage of Sensitive Information vulnerability in Cloudera Manager
Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files.
network
low complexity
cloudera CWE-312
6.5
6.5
2019-07-03 CVE-2017-9327 Permission Issues vulnerability in Cloudera Manager 5.10.1/5.11.0/5.9.2
Secret data of processes managed by CM is not secured by file permissions.
network
low complexity
cloudera CWE-275
6.5
6.5
2019-06-20 CVE-2018-15913 Cross-site Scripting vulnerability in Cloudera Manager
An issue was discovered in Cloudera Manager 5.x through 5.15.0.
network
low complexity
cloudera CWE-79
6.1
6.1
2019-06-07 CVE-2018-6185 Cryptographic Issues vulnerability in Cloudera Manager and Navigator KEY Trustee KMS
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys.
network
low complexity
cloudera CWE-310
4.9
4.9