CVE-2016-6807
CRITICAL9.8EPSS 0.84%Apache Ambari Improper Access Control
發布日:2022/5/17修改日:2023/11/8
描述
Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process.
受影響套件(1)
- Maven/org.apache.ambari:ambari>= 2.4.0, < 2.4.2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |