CVE-2022-45855
Apache Ambari: Allows authenticated metrics consumers to perform RCE
SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Productos afectados
Apache Software Foundation · Apache Ambari¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →