Ambari@2.0.1 Security Vulnerabilities and Issues — Ambari@2.0.1 CVE List

Lucene search

ApacheAmbari2.0.1

5 matches found

CVE•added 2015/11/02 7:59 p.m.•47 views

CVE-2015-5210

Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter.

5.8CVSS4.3AI score0.00993EPSS

CVE•added 2015/11/02 7:59 p.m.•43 views

CVE-2015-1775

Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call.

5.5CVSS6.4AI score0.00344EPSS

CVE•added 2017/03/29 8:59 p.m.•39 views

CVE-2016-4976

Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing.

5.5CVSS5.4AI score0.00082EPSS

CVE•added 2015/11/02 7:59 p.m.•38 views

CVE-2015-3186

Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change.

3.5CVSS5.4AI score0.00204EPSS

CVE•added 2015/11/02 7:59 p.m.•36 views

CVE-2015-3270

Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords.

6.5CVSS6.9AI score0.01015EPSS