) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:cloudera:cloudera_manager:3.7.5:*:free:*:*:*:*:*
- CPE Name Search: true
There are 6 matching records.
Displaying matches 1 through 6.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2015-4457 |
Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors. Published: November 26, 2019; 10:15:11 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2015-6495 |
There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles. Published: November 26, 2019; 9:15:10 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2018-11744 |
Cloudera Manager through 5.15 has Incorrect Access Control. Published: July 11, 2019; 10:15:10 AM -0400 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 6.8 MEDIUM |
| CVE-2018-5798 |
This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager. Published: June 07, 2019; 11:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-10815 |
An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information. Published: May 24, 2019; 1:29:01 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2014-0220 |
Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authenticated users to obtain sensitive configuration information via the API. Published: June 10, 2014; 10:55:09 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.0 MEDIUM |