3 matches found
CVE-2025-23195
An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the DocumentBuilderFactory class without disabling external entity resolution. An attacker can explo...
CVE-2025-23196
A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using sh -c. An attacker with authenticated access...
CVE-2024-51941
A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An attack...