CVE-2022-45855— Apache Ambari: Allows authenticated metrics consumers to perform RCE
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-45855
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache Ambari: Allows authenticated metrics consumers to perform RCE
Source: NVD (National Vulnerability Database)
Vulnerability Description
SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
表达式语言语句中使用的特殊元素转义处理不恰当(表达式语言注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Ambari 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Ambari是美国阿帕奇(Apache)基金会的一个应用软件。提供开发用于配置,管理和监视Apache Hadoop集群的软件来简化Hadoop管理。 Apache Ambari 存在安全漏洞,该漏洞源于 metrics source 中的 SpringEL 注入,可以用于远程执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache Ambari | 2.7.0 ~ 2.7.6 | - |
II. Public POCs for CVE-2022-45855
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-45855
请登录查看更多情报信息。
Same Patch Batch · Apache Software Foundation · 2023-07-12 · 13 CVEs total
| CVE-2023-30429 | 9.6 CRITICAL | Apache Pulsar: Incorrect Authorization for Function Worker when using mTLS Authentication |
| CVE-2023-37579 | 8.2 HIGH | Apache Pulsar Function Worker: Incorrect Authorization for Function Worker Can Leak Sink/S |
| CVE-2023-30428 | 8.2 HIGH | Apache Pulsar Broker: Incorrect Authorization Validation for Rest Producer |
| CVE-2022-42009 | 8.0 HIGH | Apache Ambari: A malicious authenticated user can remotely execute arbitrary code in the c |
| CVE-2023-31007 | Apache Pulsar: Broker does not always disconnect client when authentication data expires | |
| CVE-2023-32200 | Apache Jena: Exposure of execution in script engine expressions. | |
| CVE-2023-35908 | Apache Airflow: Access to DAGs without relevant permission | |
| CVE-2023-22887 | Apache Airflow path traversal by authenticated user | |
| CVE-2022-46651 | Apache Airflow: Security vulnerability on AirFlow Connections | |
| CVE-2023-36543 | Apache Airflow: ReDoS via dags function | |
| CVE-2023-22888 | Apache Airflow: Scheduler remote DoS | |
| CVE-2023-37582 | Apache RocketMQ: Possible remote code execution when using the update configuration functi |
IV. Related Vulnerabilities
Same product: Apache Ambari
- CVE-2024-51941
Apache Ambari: Remote Code Injection in Ambari Metrics and A - CVE-2025-23196
Apache Ambari: Code Injection Vulnerability in Ambari Alert - CVE-2025-23195
Apache Ambari: XML External Entity (XXE) Vulnerability in Am - CVE-2023-50378
Apache Ambari: Various XSS problems - CVE-2023-50380
Apache Ambari: authenticated users could perform XXE to read
Same vendor: Apache Software Foundation
- CVE-2026-39816
Apache NiFi: Missing Execute Code Required Permission on Tin - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro - CVE-2026-25077
Apache CloudStack: Unauthenticated Command Injection in Dire - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2025-66467
Apache CloudStack: MinIO policy remains intact on bucket del
Same weakness: CWE-917
- CVE-2026-41705
Spring AI MilvusVectorStore 注入漏洞影响 1.0.x-1.1.x - CVE-2026-41883
OmniFaces: EL injection via crafted resource name in wildcar - CVE-2026-42811
Apache Polaris: could broaden vended GCS credentials through - CVE-2026-40478
Improper neutralization of specific syntax patterns for unau - CVE-2026-40477
Improper restriction of the scope of accessible objects in T
V. Comments for CVE-2022-45855
No comments yet