Vulnerabilities > Apache > Ambari > 2.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-17 | CVE-2020-13924 | Path Traversal vulnerability in Apache Ambari In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files. | 7.5 |
| 2021-03-02 | CVE-2020-1936 | Cross-site Scripting vulnerability in Apache Ambari A cross-site scripting issue was found in Apache Ambari Views. | 6.1 |
| 2018-05-03 | CVE-2018-8003 | Path Traversal vulnerability in Apache Ambari Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem of the host the Ambari Server runs on that is accessible by the user the Ambari Server is running as. | 5.3 |
| 2017-03-29 | CVE-2016-4976 | Information Exposure vulnerability in Apache Ambari Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing. | 5.5 |
| 2017-03-29 | CVE-2014-3582 | Code Injection vulnerability in Apache Ambari In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster. | 9.8 |
| 2016-05-18 | CVE-2016-0731 | Improper Access Control vulnerability in Apache Ambari The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration. | 4.9 |
| 2016-05-18 | CVE-2016-0707 | Permissions, Privileges, and Access Controls vulnerability in Apache Ambari The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories. | 3.3 |