Known Vulnerabilities for Ambari by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Ambari" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-13924 | In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse ... | 7.5 - HIGH | 2021-03-17 | 2021-03-23 |
| CVE-2020-5421 | In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, t... | 6.5 - MEDIUM | 2020-09-19 | 2023-11-07 |
| CVE-2020-1936 | A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4. | 6.1 - MEDIUM | 2021-03-02 | 2021-03-10 |
| CVE-2018-8042 | Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log m... | 8.1 - HIGH | 2018-07-18 | 2019-10-03 |
| CVE-2018-8003 | Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory traversal attack allowing an unauthenticated user to cr... | 5.3 - MEDIUM | 2018-05-03 | 2018-06-13 |
| CVE-2017-5655 | In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server ... | 6.5 - MEDIUM | 2017-05-15 | 2017-05-23 |
| CVE-2017-5654 | In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized ... | 7.5 - HIGH | 2017-05-12 | 2017-05-23 |
| CVE-2017-5642 | During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs. | 9.8 - CRITICAL | 2017-04-03 | 2019-10-03 |
| CVE-2016-0731 | The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a ... | 4.9 - MEDIUM | 2016-05-18 | 2016-05-18 |
| CVE-2016-0707 | The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-... | 3.3 - LOW | 2016-05-18 | 2016-05-18 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Ambari | 2.7.4 | All | All | All |
| Application | Apache | Ambari | 2.7.3 | All | All | All |
| Application | Apache | Ambari | 2.7.1 | All | All | All |
| Application | Apache | Ambari | 2.7.0 | All | All | All |
| Application | Apache | Ambari | 2.6.2.2 | All | All | All |
| Application | Apache | Ambari | 2.6.2 | All | All | All |
| Application | Apache | Ambari | 2.6.1 | All | All | All |
| Application | Apache | Ambari | 2.6.0 | All | All | All |
| Application | Apache | Ambari | 2.5.2 | All | All | All |
| Application | Apache | Ambari | 2.5.1 | All | All | All |
| Application | Apache | Ambari | 2.5.0 | rc0 | All | All |
| Application | Apache | Ambari | 2.5.0 | - | All | All |
| Application | Apache | Ambari | 2.5.0 | rc1 | All | All |
| Application | Apache | Ambari | 2.5.0 | rc2 | All | All |
| Application | Apache | Ambari | 2.4.3 | All | All | All |
| Application | Apache | Ambari | 2.4.2 | rc1 | All | All |
| Application | Apache | Ambari | 2.4.2 | rc0 | All | All |
| Application | Apache | Ambari | 2.4.2 | - | All | All |
| Application | Apache | Ambari | 2.4.1 | rc1 | All | All |
| Application | Apache | Ambari | 2.4.1 | rc0 | All | All |