CVE-2015-0265 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.1 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 83%

Affected Products (NVD)

Vendor	Product	Version
apache	ranger	𝑥 ≤ 0.4.0

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://www.securityfocus.com/bid/76208

http://www.slideshare.net/wojdwo/big-problems-with-big-data-hadoop-interfaces-security

https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger

https://mail-archives.apache.org/mod_mbox/ranger-dev/201508.mbox/%3CD1E7EC30.9D53F%25vel%40apache.org%3E

http://www.securityfocus.com/bid/76208

http://www.slideshare.net/wojdwo/big-problems-with-big-data-hadoop-interfaces-security

https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger

https://mail-archives.apache.org/mod_mbox/ranger-dev/201508.mbox/%3CD1E7EC30.9D53F%25vel%40apache.org%3E