6 matches found

CVE | added 2015/11/02 7:59 p.m. | 47 views

CVE-2015-5210

Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter.

CVSS 5.8 | AI score 4.3 | EPSS 0.00993

CVE | added 2015/11/02 7:59 p.m. | 43 views

CVE-2015-1775

Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call.

CVSS 5.5 | AI score 6.4 | EPSS 0.00344

CVE | added 2015/11/08 10:59 p.m. | 41 views

CVE-2015-4940

Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information by reading this file.

CVSS 2.1 | AI score 5.8 | EPSS 0.00117

CVE | added 2015/11/02 7:59 p.m. | 38 views

CVE-2015-3186

Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change.

CVSS 3.5 | AI score 5.4 | EPSS 0.00204

CVE | added 2015/11/08 10:59 p.m. | 37 views

CVE-2015-4928

Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, includes cleartext passwords on a Configs screen, which allows physically proximate attackers to obtain sensitive information by reading password fields.

CVSS 4.3 | AI score 6.1 | EPSS 0.00861

CVE | added 2015/11/02 7:59 p.m. | 36 views

CVE-2015-3270

Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords.

CVSS 6.5 | AI score 6.9 | EPSS 0.01015