Vulnerability Details CVE-2016-4976
Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.0%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
References
- http://www.securityfocus.com/bid/97229
- https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.0
- http://www.securityfocus.com/bid/97229
- https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.0
Products affected by CVE-2016-4976
-
cpe:2.3:a:apache:ambari:2.0.0
-
cpe:2.3:a:apache:ambari:2.0.1
-
cpe:2.3:a:apache:ambari:2.0.2
-
cpe:2.3:a:apache:ambari:2.1.0
-
cpe:2.3:a:apache:ambari:2.1.1
-
cpe:2.3:a:apache:ambari:2.1.2
-
cpe:2.3:a:apache:ambari:2.2.0
-
cpe:2.3:a:apache:ambari:2.2.1
-
cpe:2.3:a:apache:ambari:2.2.2