Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2016-8751

Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.1%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
Products affected by CVE-2016-8751
  • Apache » Ranger » Version: 0.4.0
    cpe:2.3:a:apache:ranger:0.4.0
  • Apache » Ranger » Version: 0.4.1
    cpe:2.3:a:apache:ranger:0.4.1
  • Apache » Ranger » Version: 0.5.0
    cpe:2.3:a:apache:ranger:0.5.0
  • Apache » Ranger » Version: 0.5.1
    cpe:2.3:a:apache:ranger:0.5.1
  • Apache » Ranger » Version: 0.5.2
    cpe:2.3:a:apache:ranger:0.5.2
  • Apache » Ranger » Version: 0.5.3
    cpe:2.3:a:apache:ranger:0.5.3
  • Apache » Ranger » Version: 0.6.0
    cpe:2.3:a:apache:ranger:0.6.0
  • Apache » Ranger » Version: 0.6.1
    cpe:2.3:a:apache:ranger:0.6.1
  • Apache » Ranger » Version: 0.6.2
    cpe:2.3:a:apache:ranger:0.6.2


Products
Pricing
Contact Us

Shodan ® - All rights reserved