Vulnerability Details CVE-2022-42009
SpringEL injection in the server agent in Apache Ambari versions 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.9%
CVSS Severity
CVSS v3 Score 8.0
Products affected by CVE-2022-42009
- cpe:2.3:a:apache:ambari:2.7.0
- cpe:2.3:a:apache:ambari:2.7.1
- cpe:2.3:a:apache:ambari:2.7.3
- cpe:2.3:a:apache:ambari:2.7.4
- cpe:2.3:a:apache:ambari:2.7.5
- cpe:2.3:a:apache:ambari:2.7.6