PT-2023-14783 · Apache · Apache Ambari

Published: 2023-07-11 · Updated: 2023-07-20 · CVE-2022-45855

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache Ambari versions 2.7.0 through 2.7.6

Description

The issue allows a malicious authenticated user to execute arbitrary code remotely due to SpringEL injection in the metrics source. Users are recommended to upgrade to version 2.7.7 to resolve the issue.

Recommendations

For Apache Ambari versions 2.7.0 through 2.7.6, upgrade to version 2.7.7 to fix the issue.

Related Identifiers

CVE-2022-45855
GHSA-P7W2-784M-QPQ9

Affected Products

Apache Ambari