Vulnerability Details : CVE-2015-4166
Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key.
Products affected by CVE-2015-4166
- cpe:2.3:a:cloudera:key_trustee_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-4166
0.17%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 53 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-4166
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2015-4166
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-4166
-
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_jpc_mwm_js
Cloudera Security Bulletins | 5.x | Cloudera DocumentationMitigation;Vendor Advisory
Jump to