Apache Software Foundation Atlas 0.6.0 Release Candidate 0

CPE Details

Apache Software Foundation Atlas 0.6.0 Release Candidate 0
apache
atlas
0.6.0
2019-12-11
12h46 +00:00
2019-12-11
12h46 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:apache:atlas:0.6.0:rc0:*:*:*:*:*:*

Informations

Vendor

apache

Product

atlas

Version

0.6.0

Update

rc0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-13928 2020-09-16 15h38 +00:00 Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving search or rendering elements values are not sanitized correctly and because of that it triggers the XSS vulnerability.
6.1
Medium
CVE-2016-8752 2017-08-29 20h00 +00:00 Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.
7.5
High
CVE-2017-3150 2017-08-29 20h00 +00:00 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script.
6.1
Medium
CVE-2017-3151 2017-08-29 20h00 +00:00 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality.
6.1
Medium
CVE-2017-3152 2017-08-29 20h00 +00:00 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality.
6.1
Medium
CVE-2017-3153 2017-08-29 20h00 +00:00 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality.
6.1
Medium
CVE-2017-3154 2017-08-29 20h00 +00:00 Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information.
7.5
High
CVE-2017-3155 2017-08-29 20h00 +00:00 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting.
6.1
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.