Every CVE whose affected-product data names Cloudera Cdh, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2016-4572 — CVSS 8.8 (high): In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.
CVE-2015-7831 — CVSS 8.8 (high): In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used.
CVE-2019-7319 — CVSS 8.3 (high): An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend…
CVE-2016-5724 — CVSS 7.5 (high): Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.
CVE-2016-6605 — CVSS 7.5 (high): Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization.
CVE-2017-9325 — CVSS 7.5 (high): The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs.
CVE-2018-17860 — CVSS 7.2 (high): Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1.
CVE-2016-6353 — CVSS 6.5 (medium): Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry…
CVE-2014-0229 — CVSS 6.5 (medium): Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the…
CVE-2013-6446 — CVSS 3.1 (low): The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows…