Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ambari
(Apache)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 20 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-03-29 | CVE-2016-4976 | Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing. | Ambari | 5.5 | ||
| 2016-05-18 | CVE-2016-0731 | The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration. | Ambari | 4.9 | ||
| 2016-05-18 | CVE-2016-0707 | The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories. | Ambari | 3.3 | ||
| 2015-11-02 | CVE-2015-5210 | Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter. | Ambari | N/A | ||
| 2015-11-08 | CVE-2015-4940 | Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information by reading this file. | Ambari | N/A | ||
| 2015-11-08 | CVE-2015-4928 | Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, includes cleartext passwords on a Configs screen, which allows physically proximate attackers to obtain sensitive information by reading password fields. | Ambari | N/A | ||
| 2015-11-02 | CVE-2015-3270 | Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords. | Ambari | N/A | ||
| 2015-11-02 | CVE-2015-3186 | Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change. | Ambari | N/A | ||
| 2015-11-02 | CVE-2015-1775 | Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call. | Ambari | N/A | ||
| 2017-03-29 | CVE-2014-3582 | In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster. | Ambari | 9.8 |