CVE-2016-2174 org.apache.ranger:ranger

Package

Manager: maven
Name: org.apache.ranger:ranger
Vulnerable Version: >=0 <0.5.3

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00576 (percentile 0.67829)

Details

SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime.

Metadata

Created: 2018-10-17T17:21:29Z
Modified: 2022-04-27T13:48:01Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-4rjf-mxfm-98h5/GHSA-4rjf-mxfm-98h5.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-4rjf-mxfm-98h5
Finding: F297
Auto approve: 1