Vulnerabilities > Apache > Ambari > 2.7.6

DATE CVE VULNERABILITY TITLE RISK
2023-07-12 CVE-2022-42009 Expression Language Injection vulnerability in Apache Ambari
SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely.
network
low complexity
apache CWE-917
8.8
8.8
2023-07-12 CVE-2022-45855 Expression Language Injection vulnerability in Apache Ambari
SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
network
low complexity
apache CWE-917
8.8
8.8