Cloudera: >> Cloudera Manager >> 3.7.1 Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-11-26
There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-11-26
Cloudera Manager through 5.15 has Incorrect Access Control.
CVSS Score
8.1
EPSS Score
0.004
Published
2019-07-11
This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-06-07
An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-05-24
Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authenticated users to obtain sensitive configuration information via the API.
CVSS Score
4.0
EPSS Score
0.002
Published
2014-06-10
Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors, a different vulnerability than CVE-2012-1574.
CVSS Score
6.5
EPSS Score
0.004
Published
2012-04-12