CVE-2016-6807 Vulnerability Details

  /     /     /  

CVE-2016-6807 Metadata Quick Info

CVE Published: 28/03/2017 | CVE Updated: 06/08/2024 | CVE Year: 2016
Source: apache | Vendor: Apache Software Foundation | Product: Apache Ambari
Status : PUBLISHED

---

CVE-2016-6807 Description

Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: missing authorization check
Source: Apache Software Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).