Skip to main content

Ranger CVE-2016-6815

MEDIUM
Credentials Management Errors (CWE-255)
2017-10-13 security@apache.org
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 13, 2017 - 14:29 cve.org
MEDIUM 6.5

DescriptionCVE.org

In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.

AnalysisAI

In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-255. In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role. Affected products include: Apache Ranger. Version information: before 0.6.2.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Ranger

View all
CVE-2015-0266 HIGH POC
7.1 Apr 11

The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrict

CVE-2015-0265 MEDIUM POC
6.1 Apr 11

Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers

CVE-2016-0733 CRITICAL
9.8 Apr 12

The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which

CVE-2017-7676 CRITICAL
9.8 Jun 14

Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, te

CVE-2024-55532 CRITICAL
9.8 Mar 03

Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Rat

CVE-2025-59059 CRITICAL
9.8 Mar 03

RCE in Apache Ranger <= 2.7.0 via NashornScriptEngineCreator. EPSS 0.42%.

CVE-2016-0735 HIGH
8.8 Apr 11

Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restr

CVE-2018-11778 HIGH
8.8 Oct 05

UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer

CVE-2016-2174 HIGH
7.2 Jun 13

SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administr

CVE-2015-5167 MEDIUM
6.5 Apr 12

The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrict

CVE-2019-12397 MEDIUM
6.1 Aug 08

Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Rated medium

CVE-2016-8746 MEDIUM
5.9 Jun 14

Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wi

Share

CVE-2016-6815 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy