Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache ambari vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-1936
A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4.
Apache Ambari
5.5
CVSSv3
CVE-2016-4976
Apache Ambari 2.x prior to 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing.
Apache Ambari 2.2.1
Apache Ambari 2.1.2
Apache Ambari 2.0.0
Apache Ambari 2.1.1
Apache Ambari 2.2.2
Apache Ambari 2.2.0
Apache Ambari 2.0.1
Apache Ambari 2.0.2
Apache Ambari 2.1.0
5.3
CVSSv3
CVE-2018-8003
Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem of the host the Ambari Server runs on that is accessible by the user the ...
Apache Ambari
4.9
CVSSv3
CVE-2016-0731
The File Browser View in Apache Ambari prior to 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration.
Apache Ambari
4.5
CVSSv3
CVE-2023-36881
Azure Apache Ambari Spoofing Vulnerability
Microsoft Azure Hdinsights -
4.5
CVSSv3
CVE-2023-23408
Azure Apache Ambari Spoofing Vulnerability
Microsoft Azure Hdinsights -
1 EDB exploit
3.3
CVSSv3
CVE-2016-0707
The agent in Apache Ambari prior to 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories.
Apache Ambari
NA
CVE-2023-50378
Lack of proper input validation and constraint enforcement in Apache Ambari before 2.7.8 Impact : As it will be stored XSS, Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads. Users are recommended t...
NA
CVE-2023-50380
XML External Entity injection in apache ambari versions <= 2.7.7, Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-pr...
NA
CVE-2023-50379
Malicious code injection in Apache Ambari in before 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6267
XML injection
CVE-2024-37673
CVE-2024-6266
CVE-2024-30078
arbitrary
CVE-2024-36886
CVE-2024-5346
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »