CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29243
https://notcve.org/view.php?id=CVE-2021-29243
08 Nov 2021 — Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS. Cloudera Manager versiones 5.x, 6.x, 7.1.x, 7.2.x y 7.3.x, permiten un ataque de tipo XSS • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-32482
https://notcve.org/view.php?id=CVE-2021-32482
08 Nov 2021 — Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter. Cloudera Manager versiones 5.x, 6.x, 7.1.x, 7.2.x y 7.3.x, permiten un ataque de tipo XSS por medio del parámetro path • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#cloudera_manager • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2019-14449
https://notcve.org/view.php?id=CVE-2019-14449
26 Nov 2019 — An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting (XSS) when viewed within this product. Se detectó un problema en Cloudera Manager versiones 5.x anteriores a 5.16.2, versiones 6.0.x anteriores a 6.0.2 y versiones 6.1.x anteriores a 6.1.1. Las consultas impala maliciosas pueden resultar en un ataque de tipo Cross Site Scripting (XSS) cuando se visualizan dentro de este producto. • https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_sky_fq1_cjb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-11744
https://notcve.org/view.php?id=CVE-2018-11744
11 Jul 2019 — Cloudera Manager through 5.15 has Incorrect Access Control. Cloudera Manager hasta la versión 5.15, presenta un Control de Acceso Incorrecto. • https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9326
https://notcve.org/view.php?id=CVE-2017-9326
03 Jul 2019 — The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. The keystore file itself is not exposed. La contraseña del almacén de claves para Spark History Server puede estar expuesta en archivos no protegidos en el directorio /var/run/cloudera-scm-agent administrado por Cloudera Manager. El archivo de almacén de claves en sí no está expuesto. • https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html • CWE-255: Credentials Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-9327
https://notcve.org/view.php?id=CVE-2017-9327
03 Jul 2019 — Secret data of processes managed by CM is not secured by file permissions. Los datos secretos de los procesos administrados por CM no están protegidos por permisos de archivo. • https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html • CWE-275: Permission Issues •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15913
https://notcve.org/view.php?id=CVE-2018-15913
20 Jun 2019 — An issue was discovered in Cloudera Manager 5.x through 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter to redirect the user to another page in Cloudera Manager once a wizard is completed. The validity of this parameter was not checked. As a result, the user could be automatically redirected to an attacker's external site or perform a malicious JavaScript function that results in cross-site scripting (XSS). This was fixed by not allowing any value in the returnUrl parameter with pa... • https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2018-5798
https://notcve.org/view.php?id=CVE-2018-5798
07 Jun 2019 — This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager. Este CVE se relaciona con una vulnerabilidad de cross site scripting no especificada en Cloudera Manager. • https://www.cloudera.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-10815
https://notcve.org/view.php?id=CVE-2018-10815
24 May 2019 — An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information. Se detectó un problema en Cloudera Manager versión anterior a 5.13.4, versión 5.14.x anterior a 5.14.4 y versión 5.15.x anterior a 5.15.1. Un usuario de solo lectura puede acceder a información confidencial del clúster. • https://www.cloudera.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •