CVE-2016-2174

CVSS v3.0 7.2 (High)

CVSS v2.0 6.5 (Medium)

EPSS 0.13 % (48^th)

Affected Products 1

Advisories 1

SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime.

Weaknesses

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2016-06-13 14:59:02
(8 years ago)
Updated Date: 2016-06-14 12:33:10
(8 years ago)

Affected Products

Apache

Ranger

Configuration #1

		CPE23	From	Up To
	Apache Ranger 0.5.0	cpe:2.3:a:apache:ranger:0.5.0
	Apache Ranger 0.5.1	cpe:2.3:a:apache:ranger:0.5.1
	Apache Ranger 0.5.2	cpe:2.3:a:apache:ranger:0.5.2