CVE-2022-42009

SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:ambari:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:24

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 8.0
References () https://lists.apache.org/thread/6xf477ttz1oxmg0bx0tpdoz2mlqd7sbc - Mailing List, Vendor Advisory () https://lists.apache.org/thread/6xf477ttz1oxmg0bx0tpdoz2mlqd7sbc - Mailing List, Vendor Advisory

20 Jul 2023, 01:22

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
First Time Apache
Apache ambari
References (MISC) https://lists.apache.org/thread/6xf477ttz1oxmg0bx0tpdoz2mlqd7sbc - (MISC) https://lists.apache.org/thread/6xf477ttz1oxmg0bx0tpdoz2mlqd7sbc - Mailing List, Vendor Advisory
CPE cpe:2.3:a:apache:ambari:*:*:*:*:*:*:*:*

12 Jul 2023, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-12 10:15

Updated : 2024-11-21 07:24


NVD link : CVE-2022-42009

Mitre link : CVE-2022-42009

CVE.ORG link : CVE-2022-42009


JSON object : View

Products Affected

apache

  • ambari
CWE
CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')