Vulnerabilities > Apache > Ambari > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-12 | CVE-2022-42009 | Expression Language Injection vulnerability in Apache Ambari SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. | 8.8 |
| 2023-07-12 | CVE-2022-45855 | Expression Language Injection vulnerability in Apache Ambari SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7. | 8.8 |
| 2021-03-17 | CVE-2020-13924 | Path Traversal vulnerability in Apache Ambari In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files. | 7.5 |
| 2018-07-18 | CVE-2018-8042 | Information Exposure Through an Error Message vulnerability in Apache Ambari Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. | 8.1 |
| 2017-05-12 | CVE-2017-5654 | XML Injection (aka Blind XPath Injection) vulnerability in Apache Ambari 2.4.0/2.4.1/2.5.0 In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes. | 7.5 |