CVE-2015-4166 - Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attack

CVE-2015-4166

Summary

Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key.

References

https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_jpc_mwm_js

Vulnerable Configurations

cpe:2.3:a:cloudera:key_trustee_server:*:*:*:*:*:*:*:*
cpe:2.3:a:cloudera:key_trustee_server:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 27-03-2017 - 18:08)
Impact:
Exploitability:

CWE

CWE-320

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

confirm

https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_jpc_mwm_js

Last major update

27-03-2017 - 18:08

Published

23-03-2017 - 20:59

Last modified

27-03-2017 - 18:08