2.7.0

DATE	CVE	VULNERABILITY TITLE	RISK
2023-07-12	CVE-2022-42009	Expression Language Injection vulnerability in Apache Ambari SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. network low complexity apache CWE-917	8.8
2023-07-12	CVE-2022-45855	Expression Language Injection vulnerability in Apache Ambari SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7. network low complexity apache CWE-917	8.8
2021-03-02	CVE-2020-1936	Cross-site Scripting vulnerability in Apache Ambari A cross-site scripting issue was found in Apache Ambari Views. network apache CWE-79	4.3