Vulnerabilities > Apache > Ambari > High

DATE CVE VULNERABILITY TITLE RISK
2023-07-12 CVE-2022-42009 Unspecified vulnerability in Apache Ambari
SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely.
network
low complexity
apache
8.8
2023-07-12 CVE-2022-45855 Unspecified vulnerability in Apache Ambari
SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
network
low complexity
apache
8.8
2021-03-17 CVE-2020-13924 Path Traversal vulnerability in Apache Ambari
In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files.
network
low complexity
apache CWE-22
7.5
2018-07-18 CVE-2018-8042 Information Exposure Through an Error Message vulnerability in Apache Ambari
Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services.
network
high complexity
apache CWE-209
8.1
2017-05-12 CVE-2017-5654 XML Injection (aka Blind XPath Injection) vulnerability in Apache Ambari 2.4.0/2.4.1/2.5.0
In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.
network
low complexity
apache CWE-91
7.5