Vulnerabilities > Apache > Ambari

DATE CVE VULNERABILITY TITLE RISK
2023-07-12 CVE-2022-42009 Unspecified vulnerability in Apache Ambari
SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely.
network
low complexity
apache
8.8
2023-07-12 CVE-2022-45855 Unspecified vulnerability in Apache Ambari
SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
network
low complexity
apache
8.8
2021-03-17 CVE-2020-13924 Path Traversal vulnerability in Apache Ambari
In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files.
network
low complexity
apache CWE-22
7.5
2021-03-02 CVE-2020-1936 Cross-site Scripting vulnerability in Apache Ambari
A cross-site scripting issue was found in Apache Ambari Views.
network
low complexity
apache CWE-79
6.1
2018-07-18 CVE-2018-8042 Information Exposure Through an Error Message vulnerability in Apache Ambari
Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services.
network
high complexity
apache CWE-209
8.1
2018-05-03 CVE-2018-8003 Path Traversal vulnerability in Apache Ambari
Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem of the host the Ambari Server runs on that is accessible by the user the Ambari Server is running as.
network
low complexity
apache CWE-22
5.3
2017-05-15 CVE-2017-5655 Information Exposure vulnerability in Apache Ambari
In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host.
network
low complexity
apache CWE-200
6.5
2017-05-12 CVE-2017-5654 XML Injection (aka Blind XPath Injection) vulnerability in Apache Ambari 2.4.0/2.4.1/2.5.0
In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.
network
low complexity
apache CWE-91
7.5
2017-04-03 CVE-2017-5642 Incorrect Default Permissions vulnerability in Apache Ambari 2.4.0/2.4.1/2.4.2
During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs.
network
low complexity
apache CWE-276
critical
9.8
2017-03-29 CVE-2016-4976 Information Exposure vulnerability in Apache Ambari
Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing.
local
low complexity
apache CWE-200
5.5