CVE-2016-6815

CWE-2554 documents4 sources
Severity
6.5MEDIUM
EPSS
0.5%
top 34.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache RangerApache Ranger
Timeline
PublishedOct 13
Latest updateOct 17

Description

In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDapache/ranger7 versions+6
CVEListV5apache_software_foundation/apache_ranger0.5.x, 0.6.0, 0.6.1+2

🔴Vulnerability Details

3
GHSA
Moderate severity vulnerability that affects org.apache.ranger:ranger2018-10-17
OSV
Moderate severity vulnerability that affects org.apache.ranger:ranger2018-10-17
CVEList
CVE-2016-6815: In Apache Ranger before 02017-10-13