Vulnerability Details CVE-2015-4078
Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.7%
CVSS Severity
CVSS v3 Score 3.1
CVSS v2 Score 3.5
References
Products affected by CVE-2015-4078
-
cpe:2.3:a:cloudera:cloudera_manager:5.3.0
-
cpe:2.3:a:cloudera:cloudera_manager:5.3.1
-
cpe:2.3:a:cloudera:cloudera_manager:5.3.2
-
cpe:2.3:a:cloudera:cloudera_manager:5.3.3
-
cpe:2.3:a:cloudera:cloudera_manager:5.4.0
-
cpe:2.3:a:cloudera:cloudera_manager:5.4.1
-
cpe:2.3:a:cloudera:navigator:2.2.0
-
cpe:2.3:a:cloudera:navigator:2.2.1
-
cpe:2.3:a:cloudera:navigator:2.2.2
-
cpe:2.3:a:cloudera:navigator:2.2.3
-
cpe:2.3:a:cloudera:navigator:2.3.0
-
cpe:2.3:a:cloudera:navigator:2.3.1