CVE-2015-4940
- EPSS 0.12%
- Published 08.11.2015 22:59:11
- Last modified 12.04.2025 10:46:40
Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information by reading this file.
CVE-2015-4928
- EPSS 0.86%
- Published 08.11.2015 22:59:10
- Last modified 12.04.2025 10:46:40
Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, includes cleartext passwords on a Configs screen, which allows physically proximate attackers to obtain sensitive information by reading password fields.
CVE-2015-5210
- EPSS 0.99%
- Published 02.11.2015 19:59:04
- Last modified 12.04.2025 10:46:40
Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter.
CVE-2015-3270
- EPSS 1.02%
- Published 02.11.2015 19:59:02
- Last modified 12.04.2025 10:46:40
Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords.
CVE-2015-3186
- EPSS 0.2%
- Published 02.11.2015 19:59:01
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change.
CVE-2015-1775
- EPSS 0.34%
- Published 02.11.2015 19:59:00
- Last modified 12.04.2025 10:46:40
Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call.