Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloudera cloudera manager vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2018-11744
Cloudera Manager up to and including 5.15 has Incorrect Access Control.
Cloudera Cloudera Manager
3.5
CVSSv2
CVE-2017-9326
The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. The keystore file itself is not exposed.
Cloudera Cloudera Manager 5.11.0
4
CVSSv2
CVE-2017-9327
Secret data of processes managed by CM is not secured by file permissions.
Cloudera Cloudera Manager 5.9.2
Cloudera Cloudera Manager 5.10.1
Cloudera Cloudera Manager 5.11.0
4.3
CVSSv2
CVE-2018-15913
An issue exists in Cloudera Manager 5.x up to and including 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter to redirect the user to another page in Cloudera Manager once a wizard is completed. The validity of this parameter was not checked. As ...
Cloudera Cloudera Manager
4.3
CVSSv2
CVE-2018-5798
This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager.
Cloudera Cloudera Manager 5.12.1
Cloudera Cloudera Manager 5.13
Cloudera Cloudera Manager
Cloudera Cloudera Manager 5.13.1
Cloudera Cloudera Manager 5.14.0
Cloudera Cloudera Manager 5.14.1
Cloudera Cloudera Manager 5.12
Cloudera Cloudera Manager 5.12.2
5.5
CVSSv2
CVE-2018-6185
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS...
Cloudera Cloudera Manager 5.12.1
Cloudera Cloudera Manager 5.13.0
Cloudera Navigator Key Trustee Kms 5.12.0
Cloudera Navigator Key Trustee Kms 5.13.0
Cloudera Cloudera Manager 5.13.1
Cloudera Cloudera Manager 5.12.0
Cloudera Cloudera Manager 5.12.2
4
CVSSv2
CVE-2018-10815
An issue exists in Cloudera Manager prior to 5.13.4, 5.14.x prior to 5.14.4, and 5.15.x prior to 5.15.1. A read-only user can access sensitive cluster information.
Cloudera Cloudera Manager
3.5
CVSSv2
CVE-2015-4078
Cloudera Navigator 2.2.x prior to 2.2.4 and 2.3.x prior to 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle malicious users to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
Cloudera Navigator 2.2.2
Cloudera Cloudera Manager 5.4.0
Cloudera Cloudera Manager 5.3.0
Cloudera Cloudera Manager 5.3.2
Cloudera Cloudera Manager 5.3.3
Cloudera Navigator 2.2.3
Cloudera Navigator 2.3.0
Cloudera Navigator 2.3.1
Cloudera Navigator 2.2.0
Cloudera Navigator 2.2.1
Cloudera Cloudera Manager 5.4.1
Cloudera Cloudera Manager 5.3.1
2.1
CVSSv2
CVE-2015-2263
Cloudera Manager 4.x, 5.0.x prior to 5.0.6, 5.1.x prior to 5.1.5, 5.2.x prior to 5.2.5, and 5.3.x prior to 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by readi...
Cloudera Cloudera Manager 5.3.0
Cloudera Cloudera Manager 5.2.1
Cloudera Cloudera Manager 5.1.4
Cloudera Cloudera Manager 5.0.1
Cloudera Cloudera Manager 5.0.0
Cloudera Cloudera Manager 4.6.2
Cloudera Cloudera Manager 4.6.0
Cloudera Cloudera Manager 4.5.0
Cloudera Cloudera Manager 4.1.3
Cloudera Cloudera Manager 4.0.1
Cloudera Cloudera Manager 5.3.1
Cloudera Cloudera Manager 5.3.2
Cloudera Cloudera Manager 5.2.4
Cloudera Cloudera Manager 5.2.2
Cloudera Cloudera Manager 4.7.3
Cloudera Cloudera Manager 4.7.2
Cloudera Cloudera Manager 4.7.1
Cloudera Cloudera Manager 4.7.0
Cloudera Cloudera Manager 4.1.1
Cloudera Cloudera Manager 4.1.0
Cloudera Cloudera Manager 4.0.4
Cloudera Cloudera Manager 4.0.3
4.3
CVSSv2
CVE-2016-4948
Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) Template Name field when renaming a template; (2) KDC Server host, (3) Kerberos Security Realm, (4) Ke...
Cloudera Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »