Lucene search

[email protected]NVD:CVE-2021-32482

HistoryNov 08, 2021 - 1:15 p.m.

CVE-2021-32482

2021-11-0813:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cloudera manager

xss

vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

36.5%

JSON

Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter.

Affected configurations

Nvd

Node

clouderacloudera_managerRange5.0.0–5.16.2

clouderacloudera_managerRange6.0.0–6.3.4

clouderacloudera_managerRange7.1.0–7.1.4

clouderacloudera_managerRange7.2.0–7.2.4

clouderacloudera_managerRange7.3.0–7.3.4

VendorProductVersionCPE
clouderacloudera_manager*cpe:2.3:a:cloudera:cloudera_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cloudera	cloudera_manager	*	cpe:2.3:a:cloudera:cloudera_manager::::::::

References

docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#cloudera_manager

my.cloudera.com/knowledge/TSB-2021-488-Cloudera-Manager-is-vulnerable-to-Cross-Site?id=322833

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

36.5%

JSON

Related for NVD:CVE-2021-32482

cnvd1 cvelist1 cve1 prion1