Ranger

5 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-59060 MEDIUM PATCH This Month

Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue. [CVSS 5.3 MEDIUM]

Apache Ranger
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-59059 CRITICAL PATCH Act Now

RCE in Apache Ranger <= 2.7.0 via NashornScriptEngineCreator. EPSS 0.42%.

Apache RCE Ranger
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-55532 CRITICAL PATCH Act Now

Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Ranger
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-45479 CRITICAL PATCH This Week

SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Ranger
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-45478 MEDIUM PATCH Monitor

Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Ranger
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2025-59060
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue. [CVSS 5.3 MEDIUM]

Apache Ranger
NVD
CVE-2025-59059
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

RCE in Apache Ranger <= 2.7.0 via NashornScriptEngineCreator. EPSS 0.42%.

Apache RCE Ranger
NVD
CVE-2024-55532
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Ranger
NVD
CVE-2024-45479
EPSS 0% CVSS 9.1
CRITICAL PATCH This Week

SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Ranger
NVD
CVE-2024-45478
EPSS 1% CVSS 4.8
MEDIUM PATCH Monitor

Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Ranger
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy