U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:cloudera:cloudera_manager:4.7.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 7 matching records.
Displaying matches 1 through 7.
Vuln ID Summary CVSS Severity
CVE-2015-4457

Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors.

Published: November 26, 2019; 10:15:11 AM -0500 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2015-6495

There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles.

Published: November 26, 2019; 9:15:10 AM -0500 		V4.0:(not available)
 V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-11744

Cloudera Manager through 5.15 has Incorrect Access Control.

Published: July 11, 2019; 10:15:10 AM -0400 		V4.0:(not available)
 V3.0: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-5798

This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager.

Published: June 07, 2019; 11:29:00 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-10815

An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information.

Published: May 24, 2019; 1:29:01 PM -0400 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2015-2263

Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process.

Published: March 23, 2017; 4:59:00 PM -0400 		V4.0:(not available)
 V3.0: 3.3 LOW
V2.0: 2.1 LOW
CVE-2014-0220

Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authenticated users to obtain sensitive configuration information via the API.

Published: June 10, 2014; 10:55:09 AM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 4.0 MEDIUM