Ambari Security Vulnerabilities and Issues — Ambari CVE List

Lucene search

ApacheAmbari

4 matches found

CVE•added 2018/05/03 11:29 p.m.•50 views

CVE-2018-8003

Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem of the host the Ambari Server runs on that is accessible by the user the Ambari Server is ru...

5.3CVSS5.7AI score0.01901EPSS

CVE•added 2015/11/02 7:59 p.m.•47 views

CVE-2015-5210

Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter.

5.8CVSS4.3AI score0.00993EPSS

CVE•added 2015/11/02 7:59 p.m.•43 views

CVE-2015-1775

Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call.

5.5CVSS6.4AI score0.00344EPSS

CVE•added 2017/03/29 8:59 p.m.•39 views

CVE-2016-4976

Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing.

5.5CVSS5.4AI score0.00082EPSS