Vulnerabilities > Cloudera

DATE CVE VULNERABILITY TITLE RISK
2019-11-26 CVE-2015-7831 Improper Privilege Management vulnerability in Cloudera CDH
In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x before 5.4.9 is used.
network
low complexity
cloudera CWE-269
8.8
2019-11-26 CVE-2015-6495 Information Exposure vulnerability in Cloudera Manager
Diagnostic Support Bundles in Cloudera Manager before 5.4.6 contain sensitive information.
network
low complexity
cloudera CWE-200
7.5
2019-07-11 CVE-2018-11744 Improper Access Control vulnerability in Cloudera Manager
Cloudera Manager through 5.15 has Incorrect Access Control.
network
high complexity
cloudera CWE-284
8.1
2019-07-03 CVE-2017-9327 Permission Issues vulnerability in Cloudera Manager 5.10.1/5.11.0/5.9.2
Secret data of processes managed by CM is not secured by file permissions.
network
low complexity
cloudera CWE-275
6.5
2019-07-03 CVE-2017-9326 Credentials Management vulnerability in Cloudera Manager 5.11.0
The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager.
network
high complexity
cloudera CWE-255
7.5
2019-07-03 CVE-2017-9325 Improper Authorization vulnerability in Cloudera CDH
The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs.
network
low complexity
cloudera CWE-285
7.5
2019-07-03 CVE-2018-11215 OS Command Injection vulnerability in Cloudera Data Science Workbench
Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors.
network
low complexity
cloudera CWE-78
critical
9.8
2019-06-21 CVE-2018-15665 Information Exposure vulnerability in Cloudera Data Science Workbench
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2.x through 1.4.0.
network
low complexity
cloudera CWE-200
5.3
2019-06-20 CVE-2018-15913 Cross-site Scripting vulnerability in Cloudera Manager
An issue was discovered in Cloudera Manager 5.x through 5.15.0.
network
low complexity
cloudera CWE-79
6.1
2019-06-07 CVE-2018-20091 SQL Injection vulnerability in Cloudera Data Science Workbench 1.4.0/1.4.1/1.4.2
An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2.
network
low complexity
cloudera CWE-89
critical
9.9