CVE-2022-42009

CVSS v3.1 8.8 (High)

EPSS 0.10 % (42^th)

Affected Products 1

Advisories 1

SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.

Weaknesses

CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2023-07-12 10:15:09
(14 months ago)
Updated Date: 2023-07-20 01:22:32
(14 months ago)

Affected Products

Apache

Ambari

Configuration #1

		CPE23	From	Up To
	Apache Ambari from 2.7.0 version and prior 2.7.7 version	cpe:2.3:a:apache:ambari	>= 2.7.0	< 2.7.7