Home > Vulnerability Database > CVE-2024-51941

Mend.io Vulnerability Database

CVE-2024-51941

Date: January 21, 2025

A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An attacker with authenticated access can exploit this vulnerability to execute arbitrary commands on the server. The issue has been fixed in the latest versions of Ambari.

Severity Score

8.8

Related Resources (4)

Url: https://lists.apache.org/thread/xq50nlff7o7z1kq3y637clzzl6mjhl8j

Url: http://www.openwall.com/lists/oss-security/2025/01/21/9

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-51941

Url: https://www.mend.io/vulnerability-database/CVE-2024-51941

Severity Score

8.8

Weakness Type (CWE)

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-77

Improper Control of Generation of Code ('Code Injection')

CWE-94

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

CWE-75

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-51941

Date: January 21, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?