Type: ALERT
Status: PUBLISHED
Last Major Update: 15 May 2017
Last Update: 15 May 2017

APPLIES TO:

Big Data Appliance Integrated Software Version 3.0 and later
Linux x86-64

DESCRIPTION

There is a script injection vulnerability in Cloudera Manager's help search box. The user of Cloudera Manager can enter a script, but there is no way for an attacker to inject a script externally. Furthermore, the script entered into the search box has to actually return valid search results for the script to execute.

OCCURRENCE

Products affected: Cloudera Manager.

Releases affected:

Cloudera Manager 5.0.0, 5.0.1, 5.0.2, 5.0.5, 5.0.6, 5.0.7
Cloudera Manager 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6
Cloudera Manager 5.2.0, 5.2.1, 5.2.2, 5.2.4, 5.2.5, 5.2.6, 5.2.7
Cloudera Manager 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.6, 5.3.7, 5.3.8, 5.3.9, 5.3.10
Cloudera Manager 5.4.0, 5.4.1, 5.4.3, 5.4.5, 5.4.6, 5.4.7, 5.4.8, 5.4.9, 5.4.10
Cloudera Manager 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.6
Cloudera Manager 5.6.0, 5.6.1
Cloudera Manager 5.7.0, 5.7.1, 5.7.2, 5.7.4, 5.7.5
Cloudera Manager 5.8.0, 5.8.1, 5.8.2, 5.8.3
Cloudera Manager 5.9.0

Note: BDA V3.0.0 supports CDH 5.0.0, BDA V3.0.1 supports CDH 5.0.1, BDA V3.1.0 supports CDH 5.1.0, BDA V4.0.0 supports CDH 5.1.2, BDA V4.1 supports CDH 5.3.0/5.3.3, BDA V4.2 supports CDH 5.4.0/5.4.4, BDA V4.3 supports CDH 5.4.7, BDA V4.4 supports CDH 5.5.1/5.5.2, BDA V4.5 supports CDH 5.7.0/5.7.1/5.7.4, BDA V4.6 supports CDH 5.8.0/5.8.2/5.8.3, BDA 4.7 supports CDH 5.9.0, and BDA 4.8 supports CDH 5.10.1.

SYMPTOMS

Impact Statement

Users affected: All Cloudera Manager users.
Date/time of detection: November 10th, 2016.
Severity (Low/Medium/High): Low.
Impact: Possible override of client-side JavaScript controls.
CVE: CVE-2016-9271