Vulnerabilities > Cloudera > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-03 | CVE-2017-9326 | Credentials Management vulnerability in Cloudera Manager 5.11.0 The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. | 7.5 |
| 2019-07-03 | CVE-2017-9325 | Improper Authorization vulnerability in Cloudera CDH The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs. | 7.5 |
| 2018-02-05 | CVE-2017-15536 | Improper Privilege Management vulnerability in Cloudera Data Science Workbench An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. | 8.8 |
| 2017-04-10 | CVE-2016-6605 | Improper Access Control vulnerability in Cloudera CDH Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization. | 7.5 |
| 2017-03-07 | CVE-2016-4950 | Information Exposure vulnerability in Cloudera Manager Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions. | 7.5 |
| 2017-03-07 | CVE-2016-4949 | Information Exposure vulnerability in Cloudera Manager Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process/<process_id>/logs. | 7.5 |