CVE-2015-5167
MEDIUMApache Ranger < 0.5.0 - Access Control
Title source: ruleDescription
The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API.
References (3)
Scores
CVSS v3
6.5
EPSS
0.0016
EPSS Percentile
37.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Classification
CWE
CWE-264
Status
draft
Affected Products (2)
apache/ranger
< 0.5.0
org.apache.ranger/ranger
< 0.5.1Maven
Timeline
Published
Apr 12, 2016
Tracked Since
Feb 18, 2026