CVE-2022-45855
published 2023-07-12CVE-2022-45855: SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | ambari | >= 2.7.0 < 2.7.7 | 2.7.7 |
| apache_software_foundation | apache_ambari | 2.7.0 – 2.7.6 | — |