CVE-2022-42009
Apache Ambari: A malicious authenticated user can remotely execute arbitrary code in the context of the application.
SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Produtos afetados
Apache Software Foundation · Apache AmbariQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →