CVE-2014-0229 - Vulnerability Details

Vendors	Products
Apache	Hadoop
Cloudera	Cdh

Link	Providers
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-30T00:00:00", "descriptions": [{"lang": "en", "value": "Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-03-23T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0229", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r", "refsource": "CONFIRM", "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:05:39.339Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0229", "datePublished": "2017-03-23T20:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T09:05:39.339Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2014-04-30T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-03-23T19:57:01 (string)

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secalert@redhat.com (string)

ID : CVE-2014-0229 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r (string)

refsource : CONFIRM (string)

url : https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T09:05:39.339Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

assignerShortName : redhat (string)

cveId : CVE-2014-0229 (string)

datePublished : 2017-03-23T20:00:00 (string)

dateReserved : 2013-12-03T00:00:00 (string)

dateUpdated : 2024-08-06T09:05:39.339Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudera:cdh:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BEFFAE88-DD05-4431-A011-385D48033BE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cdh:5.0.0:beta:*:*:*:*:*:*", "matchCriteriaId": "B0293F82-7BA9-4608-96B7-CCED9A98313C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudera:cdh:5.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "BF18527D-BF9B-4495-AF89-F976322E3A69", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:hadoop:0.23.0:*:*:*:*:*:*:*", "matchCriteriaId": "029481B4-F0BC-4C44-B5DB-4AE66AE92334", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:0.23.1:*:*:*:*:*:*:*", "matchCriteriaId": "501DBE03-139A-46E9-BFD5-B7D8245AD2C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:0.23.3:*:*:*:*:*:*:*", "matchCriteriaId": "AD95328D-ED9A-4889-96E7-C7B3041745FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:0.23.4:*:*:*:*:*:*:*", "matchCriteriaId": "65899B21-D364-4E6D-8E82-1D408BA4E2A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:0.23.5:*:*:*:*:*:*:*", "matchCriteriaId": "5512B2DD-5136-4215-899C-FB48AFA8A2CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:0.23.6:*:*:*:*:*:*:*", "matchCriteriaId": "68A3493C-3D69-46A9-920A-8BB44B090609", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:0.23.7:*:*:*:*:*:*:*", "matchCriteriaId": "74588026-F427-4E31-89FA-FFCE5B2EC108", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:0.23.8:*:*:*:*:*:*:*", "matchCriteriaId": "1FD4F0BA-614B-47A9-B916-DD1400FCE532", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:0.23.9:*:*:*:*:*:*:*", "matchCriteriaId": "3D8C1670-EFEF-409B-B985-5815B6791B24", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:0.23.10:*:*:*:*:*:*:*", "matchCriteriaId": "EF986316-0FB8-4AF9-B372-4FC53C957D8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "227941BD-D769-45AD-9D61-7FCA3C2264FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "18BF490A-0865-47C0-A143-0991B40BD259", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.2:alpha:*:*:*:*:*:*", "matchCriteriaId": "E091799F-203D-4C52-839E-E798770C0287", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.3:alpha:*:*:*:*:*:*", "matchCriteriaId": "80E53689-C56C-4104-B510-CB4116B898CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.4:alpha:*:*:*:*:*:*", "matchCriteriaId": "591921C3-F7EA-402E-9C36-2EADF0417C72", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.5:alpha:*:*:*:*:*:*", "matchCriteriaId": "9FA774A9-81B3-4303-B254-C802B4DC8004", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.6:alpha:*:*:*:*:*:*", "matchCriteriaId": "877CAAE8-5E57-4D0D-A8EB-8CA696D0CE3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.1.0:beta:*:*:*:*:*:*", "matchCriteriaId": "25DB127F-4293-4847-A8C4-C7F6B74762EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.1.1:beta:*:*:*:*:*:*", "matchCriteriaId": "E8AE3E25-0726-4039-A3A8-B53F7CF0E638", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC9B08F2-CF75-4875-BDE1-D5D9CC7BF7E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "11B47B33-C54B-47F7-8AB7-90A589EED6F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hadoop:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "377E3DCD-CEB7-400B-BD78-A4C1EE98E4E5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command."}, {"lang": "es", "value": "Apache Hadoop 0.23.x en versiones anteriores a 0.23.11 y 2.x en versiones anteriores a 2.4.1, como se utiliza en Cloudera CDH 5.0.x en versiones anteriores a 5.0.2, no verifica la autorizaci\u00f3n para los comandos de administraci\u00f3n HDFS (1) refreshNamenodes, (2) deleteBlockPool y (3) ShutdownDatanode, lo que permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (cierre de DataNodes) o realizar operaciones innecesarias emitiendo un comando."}], "id": "CVE-2014-0229", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-23T20:59:00.203", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:cloudera:cdh:5.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : BEFFAE88-DD05-4431-A011-385D48033BE1 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:cloudera:cdh:5.0.0:beta:*:*:*:*:*:* (string)

matchCriteriaId : B0293F82-7BA9-4608-96B7-CCED9A98313C (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:cloudera:cdh:5.0.0:beta2:*:*:*:*:*:* (string)

matchCriteriaId : BF18527D-BF9B-4495-AF89-F976322E3A69 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:apache:hadoop:0.23.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 029481B4-F0BC-4C44-B5DB-4AE66AE92334 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:apache:hadoop:0.23.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 501DBE03-139A-46E9-BFD5-B7D8245AD2C7 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:apache:hadoop:0.23.3:*:*:*:*:*:*:* (string)

matchCriteriaId : AD95328D-ED9A-4889-96E7-C7B3041745FB (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:apache:hadoop:0.23.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 65899B21-D364-4E6D-8E82-1D408BA4E2A6 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:apache:hadoop:0.23.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 5512B2DD-5136-4215-899C-FB48AFA8A2CC (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:apache:hadoop:0.23.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 68A3493C-3D69-46A9-920A-8BB44B090609 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:apache:hadoop:0.23.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 74588026-F427-4E31-89FA-FFCE5B2EC108 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:apache:hadoop:0.23.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 1FD4F0BA-614B-47A9-B916-DD1400FCE532 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:apache:hadoop:0.23.9:*:*:*:*:*:*:* (string)

matchCriteriaId : 3D8C1670-EFEF-409B-B985-5815B6791B24 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:apache:hadoop:0.23.10:*:*:*:*:*:*:* (string)

matchCriteriaId : EF986316-0FB8-4AF9-B372-4FC53C957D8D (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:* (string)

matchCriteriaId : 227941BD-D769-45AD-9D61-7FCA3C2264FA (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.1:alpha:*:*:*:*:*:* (string)

matchCriteriaId : 18BF490A-0865-47C0-A143-0991B40BD259 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.2:alpha:*:*:*:*:*:* (string)

matchCriteriaId : E091799F-203D-4C52-839E-E798770C0287 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.3:alpha:*:*:*:*:*:* (string)

matchCriteriaId : 80E53689-C56C-4104-B510-CB4116B898CB (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.4:alpha:*:*:*:*:*:* (string)

matchCriteriaId : 591921C3-F7EA-402E-9C36-2EADF0417C72 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.5:alpha:*:*:*:*:*:* (string)

matchCriteriaId : 9FA774A9-81B3-4303-B254-C802B4DC8004 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:apache:hadoop:2.0.6:alpha:*:*:*:*:*:* (string)

matchCriteriaId : 877CAAE8-5E57-4D0D-A8EB-8CA696D0CE3F (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:apache:hadoop:2.1.0:beta:*:*:*:*:*:* (string)

matchCriteriaId : 25DB127F-4293-4847-A8C4-C7F6B74762EE (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:apache:hadoop:2.1.1:beta:*:*:*:*:*:* (string)

matchCriteriaId : E8AE3E25-0726-4039-A3A8-B53F7CF0E638 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:apache:hadoop:2.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : DC9B08F2-CF75-4875-BDE1-D5D9CC7BF7E8 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:apache:hadoop:2.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 11B47B33-C54B-47F7-8AB7-90A589EED6F9 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:apache:hadoop:2.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 377E3DCD-CEB7-400B-BD78-A4C1EE98E4E5 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command. (string)

}

1 : { »

lang : es (string)

value : Apache Hadoop 0.23.x en versiones anteriores a 0.23.11 y 2.x en versiones anteriores a 2.4.1, como se utiliza en Cloudera CDH 5.0.x en versiones anteriores a 5.0.2, no verifica la autorización para los comandos de administración HDFS (1) refreshNamenodes, (2) deleteBlockPool y (3) ShutdownDatanode, lo que permite a usuarios remotos autenticados provocar una denegación de servicio (cierre de DataNodes) o realizar operaciones innecesarias emitiendo un comando. (string)

}

]

id : CVE-2014-0229 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:S/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-03-23T20:59:00.203 (string)

references : [ »

0 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r (string)

}

]

sourceIdentifier : secalert@redhat.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-264 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object