Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2017-5636

In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2017-5636
  • Apache » Nifi » Version: 0.7.0
    cpe:2.3:a:apache:nifi:0.7.0
  • Apache » Nifi » Version: 0.7.1
    cpe:2.3:a:apache:nifi:0.7.1
  • Apache » Nifi » Version: 1.1.0
    cpe:2.3:a:apache:nifi:1.1.0
  • Apache » Nifi » Version: 1.1.1
    cpe:2.3:a:apache:nifi:1.1.1


Products
Pricing
Contact Us

Shodan ® - All rights reserved