Ambari@2.7.0 Security Vulnerabilities and Issues — Ambari@2.7.0 CVE List

Lucene search

ApacheAmbari2.7.0

4 matches found

CVE•added 2024/02/27 5:15 p.m.•7663 views

CVE-2023-50380

XML External Entity injection in apache ambari versions

6.5CVSS7.2AI score0.00102EPSS

CVE•added 2024/03/01 3:15 p.m.•68 views

CVE-2023-50378

Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8 Impact : As it will be stored XSS, Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads. Users are recommended to upgrade to vers...

6.1CVSS6.2AI score0.01142EPSS

CVE•added 2023/07/12 10:15 a.m.•42 views

CVE-2022-42009

SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.

8.8CVSS8.6AI score0.00186EPSS

CVE•added 2023/07/12 10:15 a.m.•40 views

CVE-2022-45855

SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.

8.8CVSS8.6AI score0.00186EPSS