CVE-2014-3582

CRITICAL

Apache Ambari 1.2.0-2.2.2 - OS Command Injection via SSL Certificate Generation

Title source: llm
STIX 2.1

Description

In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster.

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0159
EPSS Percentile 72.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (1)
apache/ambari < 2.2.2
Published Mar 29, 2017
Tracked Since Feb 18, 2026