#VU40136 Improper access control in sentry - CVE-2016-0760
Published: August 20, 2016 / Updated: August 9, 2020
Vulnerability identifier: #VU40136
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-0760
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
sentry
Software vendor:
Sentry
Description
The vulnerability allows a remote authenticated user to execute arbitrary code.
Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.
Remediation
Install the update from the vendor's website.