What is CVE-2022-42009?

CVE-2022-42009 is a vulnerability in Apache Ambari that allows a malicious authenticated user to execute arbitrary code remotely.

What is the severity of CVE-2022-42009?

CVE-2022-42009 has a severity score of 8.8 (high).

How can I fix CVE-2022-42009?

To fix CVE-2022-42009, users are recommended to upgrade to Apache Ambari version 2.7.7.

Where can I find more information about CVE-2022-42009?

You can find more information about CVE-2022-42009 at the following references: [1] [2] [3].

What is the CWE classification of CVE-2022-42009?

CVE-2022-42009 is classified under CWE-917 (Improper Neutralization of Special Elements used in an Expression Language Statement).

Vulnerability/
CVE-2022-42009

high

8.8

CWE

917

11/7/2023

12/7/2023

4/10/2024

CVE-2022-42009: Apache Ambari: A malicious authenticated user can remotely execute arbitrary code in the context of the application.

First published: Tue Jul 11 2023(Updated: )

SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.

Credit: security@apache.org security@apache.org security@apache.org

Affected Software	Affected Version	How to fix
Apache Ambari	>=2.7.0<2.7.7
maven/org.apache.ambari:ambari	>=2.7.0<2.7.7	2.7.7

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-42009?
CVE-2022-42009 is a vulnerability in Apache Ambari that allows a malicious authenticated user to execute arbitrary code remotely.
What is the severity of CVE-2022-42009?
CVE-2022-42009 has a severity score of 8.8 (high).
How can I fix CVE-2022-42009?
To fix CVE-2022-42009, users are recommended to upgrade to Apache Ambari version 2.7.7.
Where can I find more information about CVE-2022-42009?
You can find more information about CVE-2022-42009 at the following references: [1] [2] [3].
What is the CWE classification of CVE-2022-42009?
CVE-2022-42009 is classified under CWE-917 (Improper Neutralization of Special Elements used in an Expression Language Statement).

collector/oss-sec
alias/CVE-2022-42009
collector/nvd-latest
collector/github-advisory-latest
alias/GHSA-m384-pj54-5vr2
collector/github-advisory
collector/nvd-index
collector/nvd-cve
agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/nvd-api
agent/software-canonical-lookup-request
agent/severity
agent/references
agent/title
agent/weakness
agent/author
agent/tags
agent/description
agent/event
collector/mitre-cve
source/MITRE
vendor/apache
canonical/apache ambari
version/apache ambari/2.7.0
package-manager/maven

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.