Skip to main content

Impala

7 CVEs product

Monthly

CVE-2021-28131 HIGH This Week

Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Apache Privilege Escalation Impala
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-10084 HIGH This Week

In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Apache Impala
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2018-11792 CRITICAL Act Now

In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Impala
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-11785 MEDIUM This Month

Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Impala
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2017-9792 MEDIUM This Month

In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Impala
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-5652 HIGH This Week

During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Impala
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-5640 CRITICAL Act Now

It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Apache Impala
NVD
CVSS 3.0
9.8
EPSS
1.3%
EPSS 3% CVSS 7.5
HIGH This Week

Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Apache Privilege Escalation Impala
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Apache Impala
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Impala
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Impala
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Impala
NVD
EPSS 0% CVSS 7.5
HIGH This Week

During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Impala
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Apache +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy