CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2022-22353
https://notcve.org/view.php?id=CVE-2022-22353
14 Mar 2022 — IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480. IBM Big SQL en IBM Cloud Pak for Data versiones 7.1.0, 7.1.1, 7.2.0 y 7.2.3, podría permitir a un usuario autenticado con los permisos adecuados obtener información confidencial al omitir las reglas de enmascaramiento de datos mediante una sentencia CRE... • https://exchange.xforce.ibmcloud.com/vulnerabilities/220480 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32483
https://notcve.org/view.php?id=CVE-2021-32483
08 Nov 2021 — Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard. Cloudera Manager versión 7.2.4, presenta un Control de Acceso Incorrecto, permitiendo una Escalada de Privilegios para visualizar el Dashboard restringido • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#cloudera_manager •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30132
https://notcve.org/view.php?id=CVE-2021-30132
08 Nov 2021 — Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges. Cloudera Manager versión 7.2.4, presenta un Control de Acceso Incorrecto, permitiendo una Escalada de Privilegios • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29243
https://notcve.org/view.php?id=CVE-2021-29243
08 Nov 2021 — Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS. Cloudera Manager versiones 5.x, 6.x, 7.1.x, 7.2.x y 7.3.x, permiten un ataque de tipo XSS • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-32482
https://notcve.org/view.php?id=CVE-2021-32482
08 Nov 2021 — Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter. Cloudera Manager versiones 5.x, 6.x, 7.1.x, 7.2.x y 7.3.x, permiten un ataque de tipo XSS por medio del parámetro path • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#cloudera_manager • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29994
https://notcve.org/view.php?id=CVE-2021-29994
08 Nov 2021 — Cloudera Hue 4.6.0 allows XSS. Cloudera Hue versión 4.6.0, permite un ataque de tipo XSS • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32481
https://notcve.org/view.php?id=CVE-2021-32481
08 Nov 2021 — Cloudera Hue 4.6.0 allows XSS via the type parameter. Cloudera Hue versión 4.6.0, permite un ataque de tipo XSS por medio del parámetro type • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3167
https://notcve.org/view.php?id=CVE-2021-3167
15 Mar 2021 — In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs. En Cloudera Data Engineering (CDE) versión1.3.0, los tokens de autenticación JWT son expuestos para administradores en los registros del servidor del clúster virtual • https://docs.cloudera.com/data-engineering/cloud/release-notes/topics/cde-general-known-issues.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26936
https://notcve.org/view.php?id=CVE-2020-26936
26 Nov 2020 — Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack. Cloudera Data Engineering (CDE) versiones anteriores a 1.1, era vulnerable a un ataque de tipo CSRF • https://docs.cloudera.com/data-engineering/cloud/overview/topics/cde-service-overview.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2019-14449
https://notcve.org/view.php?id=CVE-2019-14449
26 Nov 2019 — An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting (XSS) when viewed within this product. Se detectó un problema en Cloudera Manager versiones 5.x anteriores a 5.16.2, versiones 6.0.x anteriores a 6.0.2 y versiones 6.1.x anteriores a 6.1.1. Las consultas impala maliciosas pueden resultar en un ataque de tipo Cross Site Scripting (XSS) cuando se visualizan dentro de este producto. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_sky_fq1_cjb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •