CVE-2022-45855
Apache Ambari: Allows authenticated metrics consumers to perform RCE
SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected products
Apache Software Foundation · Apache AmbariWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →