English
EN
Français
FR
Language
English
EN
Français
FR

CVE Vulnerabilities

Posts & Pages

No results found for ""

Try different keywords or check spelling

Search in CVE database, posts & pages • Press ESC to close

← Back to Products

ranger

Vendor: apache

5
Total CVEs
2
Critical
0
High
2
Medium
1
Low

Recent CVEs

CVE-2025-59060

Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this i...

Affected versions: 0.4.0 0.4.1 0.5.0 0.5.1 0.5.2 +17 more

Published: Mar 3, 2026

5.3

CVSS

CVE-2025-59059

Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue....

Affected versions: 0.4.0 0.4.1 0.5.0 0.5.1 0.5.2 +17 more

Published: Mar 3, 2026

9.8

CVSS

CVE-2024-55532

Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue....

Affected versions: 0.4.0 0.4.1 0.5.0 0.5.1 0.5.2 +16 more

Published: Mar 3, 2025

9.8

CVSS

CVE-2024-45479

SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue....

Affected versions: 2.4.0

Published: Jan 21, 2025

9.1

CVSS

CVE-2024-45478

Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue....

Affected versions: 2.4.0

Published: Jan 21, 2025

4.8

CVSS

CVE-2019-12397

Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix....

Affected versions: 0.7.0 0.7.1 1.0.0 1.1.0 1.2.0

Published: Aug 8, 2019

4.3

CVSS

CVE-2018-11778

UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow. Versions prior to 1.2.0 should be upgraded to 1.2.0...

Affected versions: 0.4.0 0.4.1 0.5.0 0.5.1 0.5.2 +9 more

Published: Oct 5, 2018

6.5

CVSS

CVE-2016-6815

In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role....

Affected versions: 0.4.0 0.5.0 0.5.1 0.5.2 0.5.3 +2 more

Published: Oct 13, 2017

4.0

CVSS

CVE-2016-5395

Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web scri...

Affected versions: 0.5.1 0.5.2 0.5.3 0.6.0

Published: Sep 26, 2016

3.5

CVSS

CVE-2016-2174

SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/p...

Affected versions: 0.5.0 0.5.1 0.5.2

Published: Jun 13, 2016

6.5

CVSS

CVE-2016-0735

Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy....

Affected versions: 0.5.0 0.5.1

Published: Apr 11, 2016

6.5

CVSS