Vulnerability Description
SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime.
CVSS Score
7.2
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Ranger | 0.5.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2016/06/01/3
- https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Rang
- http://www.openwall.com/lists/oss-security/2016/06/01/3
- https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Rang
FAQ
What is CVE-2016-2174?
CVE-2016-2174 is a vulnerability with a CVSS score of 7.2 (HIGH). SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/p...
How severe is CVE-2016-2174?
CVE-2016-2174 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-2174?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Ranger.