4 matches found
CVE-2023-50379
Malicious code injection in Apache Ambari versions prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain root over the cluster main host.
CVE-2020-1936
A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4.
CVE-2025-23195
An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the DocumentBuilderFactory class without disabling external entity resolution. An attacker can explo...
CVE-2025-23196
A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using sh -c. An attacker with authenticated access...