CVE-2022-45855 – Apache Ambari: Allows authenticated metrics consumers to perform RCE
https://notcve.org/view.php?id=CVE-2022-45855
SpringEL injection in the metrics source in Apache Ambari versions 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7. • https://lists.apache.org/thread/302c4hwfjy9lx63jrbhcdx948pxc54l1 • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2022-42009 – Apache Ambari: A malicious authenticated user can remotely execute arbitrary code in the context of the application.
https://notcve.org/view.php?id=CVE-2022-42009
SpringEL injection in the server agent in Apache Ambari versions 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7. • https://lists.apache.org/thread/6xf477ttz1oxmg0bx0tpdoz2mlqd7sbc • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-1936 – Stored XSS in Apache Ambari
https://notcve.org/view.php?id=CVE-2020-1936
A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4. • http://www.openwall.com/lists/oss-security/2021/03/02/1 • https://lists.apache.org/thread.html/946a9d72e664ad8bc592168d9a2fed88100c6e9f1bdfea08e91a3184%40%3Cuser.ambari.apache.org%3E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')