Home > Vulnerability Database > CVE-2022-42009

Mend.io Vulnerability Database

CVE-2022-42009

Good to know:

Date: July 12, 2023

SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.

Language: Java

Severity Score

8.8

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-42009

Url: https://github.com/apache/ambari/commit/209f4e35e561636ebc6e86c2648643fa4376c931

Url: https://seclists.org/oss-sec/2023/q3/21

Url: https://lists.apache.org/thread/6xf477ttz1oxmg0bx0tpdoz2mlqd7sbc

Url: https://www.mend.io/vulnerability-database/CVE-2022-42009

Severity Score

8.8

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CWE-917

Top Fix

Upgrade Version

Upgrade to version release-2.7.7

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-42009

Good to know:

Date: July 12, 2023

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?