VYPR
High severity7.2NVD Advisory· Published Jun 13, 2016· Updated Jun 17, 2026

CVE-2016-2174

CVE-2016-2174

Description

SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.ranger:rangerMaven
< 0.5.30.5.3

Affected products

4
  • Apache/Ranger3 versions
    cpe:2.3:a:apache:ranger:0.5.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:apache:ranger:0.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:ranger:0.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:ranger:0.5.2:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 0.5.3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.