CVE-2016-5395

medium

Published 2016-09-26 · Modified 2023-11-08

CVSS v3

4.8

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CVSS v2

3.5

VIR risk

4.8

Description

Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML

Exploit likelihood

58%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger

Ecosystem	Package	Vulnerable	Fixed
Maven	org.apache.ranger:ranger	`<0.6.1`	`0.6.1`

Vendor	Product	Versions
apache	ranger	`{"endIncluding":"0.5.0"}`
apache	ranger	`0.5.1`
apache	ranger	`0.5.2`
apache	ranger	`0.5.3`
apache	ranger	`0.6.0`

CWE-79

Verify integrity in audit chain (admin only). AS-IS.