Vulnerability CVE-2012-2230


Published: 2012-04-12

Description:
Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors, a different vulnerability than CVE-2012-1574.

Type: CWE-310 (Cryptographic Issues)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score: 6.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Cloudera -> Cloudera manager
Cloudera -> Cloudera service and configuration manager

References:
https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bulletin
https://exchange.xforce.ibmcloud.com/vulnerabilities/74823

Copyright 2024, cxsecurity.com

 
