CVE-2016-6807
CVE-2016-6807 is a vulnerability of currently unknown severity. Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process. EPSS estimates a 2.42% chance of exploitation in the next 30 days.
Description
Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Ambari | 2.4.0 |
| Apache | Ambari | 2.4.1 |
References
- http://www.securityfocus.com/bid/97184 (Third Party Advisory, VDB Entry)
- https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.2 (Release Notes, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
