User Session Enumeration Vulnerability in Cloudera Manager
CVE-2016-4950

7.5HIGH

Key Information:

Vendor

Cloudera

Status
Manager
Vendor
CVE Published:
7 March 2017

What is CVE-2016-4950?

Cloudera Manager versions 5.5 and earlier contain a vulnerability that enables remote attackers to enumerate active user sessions through a specific API endpoint. This exposure allows unauthorized individuals to gain insights into user activity, potentially aiding in subsequent attacks. Proper access controls and security measures should be implemented to mitigate this risk.

References

http://www.securityfocus.com/bid/93879
vdb-entryx_refsource_BID
http://2016.hack.lu/archive/2016/Wavestone%20-%20Hack.lu%...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-4950 : User Session Enumeration Vulnerability in Cloudera Manager