CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-2109

Malicious code in bioql PyPI...

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-2093

Malicious code in bioql PyPI...

RedhatCVE•added 2025/02/05 10:27 p.m.•11 views

CVE-2022-45855

SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7...

8.8CVSS7.7AI score0.00217EPSS

OSV•added 2023/07/12 12:31 p.m.•17 views

GHSA-P7W2-784M-QPQ9 Apache Ambari Expression Language Injection vulnerability

SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7...

8.8CVSS8.5AI score0.00217EPSS

OSV•added 2023/07/12 12:31 p.m.•17 views

GHSA-M384-PJ54-5VR2 Apache Ambari Expression Language Injection vulnerability

SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7...

8.8CVSS8.5AI score0.00217EPSS

Github Security Blog•added 2023/07/12 12:31 p.m.•26 views

Apache Ambari Expression Language Injection vulnerability

SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7...

8.8CVSS8AI score0.00217EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2023/07/12 12:31 p.m.•32 views

Apache Ambari Expression Language Injection vulnerability

SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7...

8.8CVSS8AI score0.00217EPSS

Exploits0References3Affected Software1

OSV•added 2023/07/12 10:15 a.m.•22 views

CVE-2022-45855

SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7...

8.8CVSS8.1AI score0.00217EPSS

NVD•added 2023/07/12 10:15 a.m.•11 views

CVE-2022-42009

SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7...

8.8CVSS8.3AI score0.00217EPSS

NVD•added 2023/07/12 10:15 a.m.•16 views

CVE-2022-45855

SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7...

8.8CVSS8.3AI score0.00217EPSS

OSV•added 2023/07/12 10:15 a.m.•16 views

CVE-2022-42009

SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7...

8.8CVSS8.1AI score

Prion•added 2023/07/12 10:15 a.m.•10 views

Sql injection

SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7...

6.5CVSS8.9AI score0.00217EPSS

Prion•added 2023/07/12 10:15 a.m.•20 views

Sql injection

SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7...

6.5CVSS8.9AI score0.00217EPSS

Cvelist•added 2023/07/12 9:59 a.m.•24 views

CVE-2022-45855 Apache Ambari: Allows authenticated metrics consumers to perform RCE

SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7...

8CVSS9.2AI score0.00217EPSS

CVE•added 2023/07/12 9:59 a.m.•49 views

CVE-2022-45855

Apache Ambari is affected by a SpringEL injection in the metrics source, enabling a maliciously authenticated user to execute arbitrary code remotely in Ambari versions 2.7.0–2.7.6. The documented remediation is to upgrade to version 2.7.7. If your environment uses these versions, apply the upgra...

Vulnrichment•added 2023/07/12 9:59 a.m.•26 views

CVE-2022-45855 Apache Ambari: Allows authenticated metrics consumers to perform RCE

SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7...

8CVSS7.7AI score0.00217EPSS

Cvelist•added 2023/07/12 9:58 a.m.•21 views

CVE-2022-42009 Apache Ambari: A malicious authenticated user can remotely execute arbitrary code in the context of the application.

SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7...

8CVSS9.2AI score0.00217EPSS

CVE•added 2023/07/12 9:58 a.m.•52 views

CVE-2022-42009

CVE-2022-42009 describes a SpringEL injection in Apache Ambari’s server agent that allows a malicious authenticated user to execute arbitrary code remotely. Affected versions are Ambari 2.7.0–2.7.6; exploitation would occur through the server agent component, enabling remote code execution. The p...