Vulnerabilities > Apache > Ambari > 2.7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-27 | CVE-2023-50380 | Unspecified vulnerability in Apache Ambari XML External Entity injection in apache ambari versions <= 2.7.7, Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. | 6.5 |
| 2023-07-12 | CVE-2022-42009 | Unspecified vulnerability in Apache Ambari SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. | 8.8 |
| 2023-07-12 | CVE-2022-45855 | Unspecified vulnerability in Apache Ambari SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7. | 8.8 |
| 2021-03-02 | CVE-2020-1936 | Cross-site Scripting vulnerability in Apache Ambari A cross-site scripting issue was found in Apache Ambari Views. | 6.1 |