CVE-2016-2174

CWE-89 — SQL Injection4 documents4 sources

Severity

7.2HIGH

EPSS

0.6%

top 31.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Ranger

Timeline

PublishedJun 13

Latest updateOct 17

Description

SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶Mavenorg.apache.ranger:ranger< 0.5.3

▶NVDapache/ranger0.5.0, 0.5.1, 0.5.2+2

🔴Vulnerability Details

OSV

SQL injection vulnerability in the policy admin tool in Apache Ranger↗2018-10-17

▶

GHSA

SQL injection vulnerability in the policy admin tool in Apache Ranger↗2018-10-17

▶

CVEList

CVE-2016-2174: SQL injection vulnerability in the policy admin tool in Apache Ranger before 0↗2016-06-13

▶