CVE-2016-6807

Опубликовано: 28 мар. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process.

Ссылки

http://www.securityfocus.com/bid/97184
Third Party Advisory
VDB Entry
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.2
Release Notes
Vendor Advisory
http://www.securityfocus.com/bid/97184
Third Party Advisory
VDB Entry
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.2
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:ambari:2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:ambari:2.4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00841

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-284

Связанные уязвимости

GHSA-j76q-99x2-v7vq