CVE-2016-5393Improper Access Control in Software Foundation Apache Hadoop

CWE-284Improper Access Control4 documents4 sources
Severity
8.8HIGHNVD
EPSS
2.6%
top 14.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache HadoopApache Hadoop
Timeline
PublishedNov 29
Latest updateMay 17

Description

In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDapache/hadoop8 versions+7
CVEListV5apache_software_foundation/apache_hadoopApache Hadoop 2.6.x before 2.6.5, 2.7.x before 2.7.3

🔴Vulnerability Details

3
OSV
Improper Access Control in Apache Hadoop2022-05-17
GHSA
Improper Access Control in Apache Hadoop2022-05-17
CVEList
CVE-2016-5393: In Apache Hadoop 22016-11-29
CVE-2016-5393 — Improper Access Control | cvebase