CVE-2021-32483

all versions

Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard.

5.3MEDIUM

CVE-2021-30132

all versions

Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges.

9.8CRITICAL

CVE-2021-32482

>= 5.0.0 and <= 5.16.2

Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter.

6.1MEDIUM

CVE-2021-29243

>= 5.0.0 and <= 5.16.2

Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS.

6.1MEDIUM

CVE-2019-14449

>= 5.0.0 and < 5.16.2

An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala querie

5.4MEDIUM

CVE-2017-7399

>= 5.0.0 and <= 5.0.7

Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to disc

8.8HIGH

CVE-2016-9271

>= 5.0.0 and <= 5.0.7

Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature.

5.4MEDIUM

CVE-2015-4457

< 5.4.3

Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to in

5.4MEDIUM

CVE-2016-3192

>= 5.0.0 and < 5.5.4

Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files.

6.5MEDIUM

CVE-2015-6495

< 4.8.6

There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles.

7.5HIGH

CVE-2018-11744

<= 5.16

Cloudera Manager through 5.15 has Incorrect Access Control.

8.1HIGH

CVE-2017-9327

all versions

Secret data of processes managed by CM is not secured by file permissions.

6.5MEDIUM

CVE-2017-9326

all versions

The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directo

7.5HIGH

CVE-2018-15913

>= 5.0.0 and <= 5.15.0

An issue was discovered in Cloudera Manager 5.x through 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter

6.1MEDIUM

CVE-2018-6185

all versions

In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API ca

4.9MEDIUM

CVE-2018-5798

< 5.12

This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager.

6.1MEDIUM

CVE-2018-10815

< 5.13.4

An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can ac

6.5MEDIUM

CVE-2015-4078

all versions

Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes

3.1LOW

CVE-2015-2263

all versions

Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissi

3.3LOW

CVE-2016-4950

<= 5.5.0

Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions.

7.5HIGH

CVE-2016-4949

<= 5.5.0

Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log va

7.5HIGH

CVE-2016-4948

<= 5.5.0

Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary

6.1MEDIUM

CVE-2014-8733

all versions

Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password in plaintext in unspecified world-readable files under /etc

CVE-2014-0220

<= 4.8.2

Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authenticated users to obtain sensitive configuration information

CVE-2012-2230

all versions

Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly ins