Every CVE whose affected-product data names Apache Impala, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2017-5640 — CVSS 9.8 (critical): It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala…
CVE-2018-11792 — CVSS 9.8 (critical): In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as…
CVE-2019-10084 — CVSS 7.5 (high): In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those…
CVE-2021-28131 — CVSS 7.5 (high): Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the…
CVE-2017-5652 — CVSS 7.5 (high): During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext…
CVE-2018-11785 — CVSS 6.5 (medium): Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into…
CVE-2017-9792 — CVSS 6.5 (medium): In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table…