Lucene search

[email protected]NVD:CVE-2022-42009

HistoryJul 12, 2023 - 10:15 a.m.

CVE-2022-42009

2023-07-1210:15:09

CWE-917

[email protected]

web.nvd.nist.gov

apache ambari

springel injection

cve-2022-42009

remote code execution

upgrade

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.6%

JSON

SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.

Affected configurations

NVD

Node

apacheambariRange2.7.0–2.7.7

References

lists.apache.org/thread/6xf477ttz1oxmg0bx0tpdoz2mlqd7sbc

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.6%

JSON

Related for NVD:CVE-2022-42009

osv2 github1 cve1 cvelist1 veracode1 prion1