Every CVE whose affected-product data names Apache Ranger, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2024-55532 — CVSS 9.8 (critical): Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are recommended…
CVE-2025-59059 — CVSS 9.8 (critical): Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0. Users are recommended to…
CVE-2016-0733 — CVSS 9.8 (critical): The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows remote…
CVE-2017-7676 — CVSS 9.8 (critical): Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can…
CVE-2024-45479 — CVSS 9.1 (critical): SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version…
CVE-2018-11778 — CVSS 8.8 (high): UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow. Versions…
CVE-2022-45048 — CVSS 8.4 (high): Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This…
CVE-2021-40331 — CVSS 8.1 (high): An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT…
CVE-2016-2174 — CVSS 7.2 (high): SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute…
CVE-2015-0266 — CVSS 7.1 (high): The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct…
CVE-2016-6815 — CVSS 6.5 (medium): In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.
CVE-2015-5167 — CVSS 6.5 (medium): The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST…
CVE-2015-0265 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary…
CVE-2019-12397 — CVSS 6.1 (medium): Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later…
CVE-2017-7677 — CVSS 5.9 (medium): In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission…
CVE-2016-8746 — CVSS 5.9 (medium): Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has…
CVE-2025-59060 — CVSS 5.3 (medium): Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions <= 2.7.0. Users are…
CVE-2024-45478 — CVSS 4.8 (medium): Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to…
CVE-2016-8751 — CVSS 4.8 (medium): Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store…
CVE-2016-5395 — CVSS 4.8 (medium): Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows…