PT-2017-9022 · Apache · Ambari Agent

Published

2017-03-28

Updated

2022-05-17

CVE-2016-6807

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ambari Agent versions 2.4.x through 2.4.1 Ambari Agent versions prior to 2.4.2

Description The issue allows custom commands to be executed on Ambari Agent hosts without proper authorization. This can lead to unauthorized access to certain operations that may impact the underlying system. These operations are invoked by the Ambari Agent process, running as the user who executes the Ambari Agent process.

Recommendations For Ambari Agent versions 2.4.x through 2.4.1, update to version 2.4.2 or later to resolve the issue. For Ambari Agent versions prior to 2.4.2, update to version 2.4.2 or later to resolve the issue.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2016-6807

GHSA-J76Q-99X2-V7VQ

Affected Products

Ambari Agent

PT-2017-9022 · Apache · Ambari Agent

CVE-2016-6807

Weakness Enumeration

Related Identifiers

Affected Products

References · 7