Cloudera: Security Vulnerabilities
An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious Impala queries can result in Cross Site Scripting (XSS) when viewed within this product.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-11-26
An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of the following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges.
CVSS Score
8.3
EPSS Score
0.006
Published
2019-11-26
Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-11-26
Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those users.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-11-26
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder.
CVSS Score
8.3
EPSS Score
0.003
Published
2019-11-26
Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-11-26
Cloudera CDH has Insecure Permissions because ALL cannot be revoked. This affects 5.x through 5.15.1 and 6.x through 6.0.1.
CVSS Score
7.2
EPSS Score
0.003
Published
2019-11-26
In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x before 5.4.9 is used.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-11-26
Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-11-26
Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-11-26

