CVE-2014-3582
CRITICAL
Apache Ambari 1.2.0-2.2.2 - OS Command Injection via SSL Certificate Generation
Title source: llm
Description
In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster.
References (1)
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.0
Scores
CVSS v3
9.8
EPSS
0.0034
EPSS Percentile
56.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (1)
apache/ambari
< 2.2.2
Published
Mar 29, 2017
Tracked Since
Feb 18, 2026