CPE Details
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:apache:ambari:2.6.2:*:*:*:*:*:*:*
Informations
Vendor
apacheProduct
ambariVersion
2.6.2Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host. | 8.8 |
Haute |
||
| In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files. | 7.5 |
Haute |
||
| A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4. | 6.1 |
Moyen |
||
| Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie. | 8.1 |
Haute |
