CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4457
https://notcve.org/view.php?id=CVE-2015-4457
26 Nov 2019 — Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en la interfaz de usuario de Cloudera Manager versiones anteriores a 5.4.3, permiten a usuarios autenticados remotos inyectar script web o HTML arbitrario utilizando vectores no especificados. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_c1c_zbn_js • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2015-6495
https://notcve.org/view.php?id=CVE-2015-6495
26 Nov 2019 — There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles. Existe información confidencial en Paquetes de Soporte de Diagnóstico de Cloudera Manager versiones anteriores a 5.4.6. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_alalsdfkl4320_lfsk30f__l2k3jfsw34__39 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-11744
https://notcve.org/view.php?id=CVE-2018-11744
11 Jul 2019 — Cloudera Manager through 5.15 has Incorrect Access Control. Cloudera Manager hasta la versión 5.15, presenta un Control de Acceso Incorrecto. • https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2018-5798
https://notcve.org/view.php?id=CVE-2018-5798
07 Jun 2019 — This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager. Este CVE se relaciona con una vulnerabilidad de cross site scripting no especificada en Cloudera Manager. • https://www.cloudera.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-10815
https://notcve.org/view.php?id=CVE-2018-10815
24 May 2019 — An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information. Se detectó un problema en Cloudera Manager versión anterior a 5.13.4, versión 5.14.x anterior a 5.14.4 y versión 5.15.x anterior a 5.15.1. Un usuario de solo lectura puede acceder a información confidencial del clúster. • https://www.cloudera.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 0CVE-2014-0220 – Cloudera Manager 4.8.2 / 5.0.0 Information Disclosure
https://notcve.org/view.php?id=CVE-2014-0220
05 Jun 2014 — Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authenticated users to obtain sensitive configuration information via the API. Cloudera Manager anterior a 4.8.3 y 5.x anterior a 5.0.1 permite a usuarios remotos autenticados obtener información sensible de configuraciones a través de la API. Cloudera Manager versions 4.8.2 and below and 5.0.0 suffer from a sensitive configuration value exposure. • http://packetstormsecurity.com/files/126956/Cloudera-Manager-4.8.2-5.0.0-Information-Disclosure.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2012-2230
https://notcve.org/view.php?id=CVE-2012-2230
12 Apr 2012 — Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors, a different vulnerability than CVE-2012-1574. Cloudera Manager v3.7.x antes de v3.7.5 y Service and Configuration Manager v3.5, no instala correctamente taskcontroller.cfg si Kerberos no está habilitado, lo que permite suplantar cuentas de usuario de su... • http://secunia.com/advisories/48776 • CWE-310: Cryptographic Issues •