Apache Software Foundation Atlas 0.6.0 Release Candidate 0

CPE Details

Apache Software Foundation Atlas 0.6.0 Release Candidate 0
apache
atlas
0.6.0
2019-12-11
12h46 +00:00
2019-12-11
12h46 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:apache:atlas:0.6.0:rc0:*:*:*:*:*:*

Informations

Vendor

apache

Product

atlas

Version

0.6.0

Update

rc0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2020-13928 2020-09-16 15h38 +00:00 Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving search or rendering elements values are not sanitized correctly and because of that it triggers the XSS vulnerability.
6.1
Moyen
CVE-2016-8752 2017-08-29 20h00 +00:00 Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.
7.5
Haute
CVE-2017-3150 2017-08-29 20h00 +00:00 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script.
6.1
Moyen
CVE-2017-3151 2017-08-29 20h00 +00:00 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality.
6.1
Moyen
CVE-2017-3152 2017-08-29 20h00 +00:00 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality.
6.1
Moyen
CVE-2017-3153 2017-08-29 20h00 +00:00 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality.
6.1
Moyen
CVE-2017-3154 2017-08-29 20h00 +00:00 Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information.
7.5
Haute
CVE-2017-3155 2017-08-29 20h00 +00:00 Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting.
6.1
Moyen
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.