CVE-2017-5636 is a vulnerability in Apache NiFi
Published on October 19, 2017

In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node.

NVD

Products Associated with CVE-2017-5636

Want to know whenever a new CVE is published for Apache NiFi? stack.watch will email you.

Apache NiFi

Affected Versions

Apache Software Foundation Apache NiFi:

Version 0.7.0 is affected.
Version 0.7.1 is affected.
Version 1.1.0 is affected.
Version 1.1.1 is affected.

Exploit Probability

EPSS

1.20%

Percentile

78.72%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2017-5636 is a vulnerability in Apache NiFiPublished on October 19, 2017

Products Associated with CVE-2017-5636

Affected Versions

Exploit Probability

CVE-2017-5636 is a vulnerability in Apache NiFi
Published on October 19, 2017