PT-2023-14061 · Apache · Apache Ambari
Jecki Go · Published 2023-07-11 · Updated 2023-07-20
CVE-2022-42009
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Apache Ambari versions 2.7.0 through 2.7.6
Description
A SpringEL (Spring Expression Language) injection in the server agent allows a malicious authenticated user to execute arbitrary code remotely.
Recommendations
For Apache Ambari versions 2.7.0 through 2.7.6, upgrade to version 2.7.7 to resolve the issue.
Affected Products
Apache Ambari