CVE-2016-6815

EUVD-2018-0699
In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
Affected Products (NVD)
VendorProductVersion
apacheranger
0.4.0
apacheranger
0.5.0
apacheranger
0.5.1
apacheranger
0.5.2
apacheranger
0.5.3
apacheranger
0.6.0
apacheranger
0.6.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/94221
https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
http://www.securityfocus.com/bid/94221
https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger