GCVE - cpe:2.3:a:cloudera:cloudera_manager:5.3.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:cloudera:cloudera_manager:5.3.0:*:*:*:*:*:*:*

part: a version: 5.3.0 update: *

Vendor	Cloudera (`0dd05bd6-3317-576d-8018-22703a842a4f`)
Product	Cloudera Manager (`0e02ce99-4c09-5552-9b6a-286573d10e71`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2015-4078`	vulnerable	2026-06-03 14:34:51.134147	Details available Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). Published: 2017-03-23T20:00:00.000Z Updated: 2024-08-06T06:04:02.891Z Open on db.gcve.eu Reference links https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_o1q_wrm_js	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-2263`	vulnerable	2026-06-03 14:34:41.735707	Details available Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process. Published: 2017-03-23T20:00:00.000Z Updated: 2024-08-06T05:10:15.627Z Open on db.gcve.eu Reference links https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0_3	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-8733`	vulnerable	2026-06-03 14:34:25.106952	Details available Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password in plaintext in unspecified world-readable files under /etc/hadoop, which allows local users to obtain this password. Published: 2015-02-10T19:00:00.000Z Updated: 2024-08-06T13:26:02.523Z Open on db.gcve.eu Reference links http://www.cloudera.com/content/cloudera/en/documentation/security-bulletins/Security-Bulletin/csb_topic_2.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.