Apache · Apache Ambari · CVE-2022-42009
**Name of the Vulnerable Software and Affected Versions**
Apache Ambari versions 2.7.0 through 2.7.6
**Description**
The issue allows a malicious authenticated user to execute arbitrary code remotely due to SpringEL injection in the server agent.
**Recommendations**
For Apache Ambari versions 2.7.0 through 2.7.6, upgrade to version 2.7.7 to resolve the issue.