Apache · Apache Ambari · CVE-2016-4976
**Name of the Vulnerable Software and Affected Versions**
Apache Ambari versions 2.x before 2.4.0
**Description**
The issue allows local users to obtain sensitive information, specifically KDC administrator passwords, via a process listing because these passwords are included on the kadmin command line.
**Recommendations**
For Apache Ambari versions 2.x before 2.4.0, update to version 2.4.0 or later to resolve the issue.