Critical severity9.8NVD Advisory· Published Mar 28, 2017· Updated May 13, 2026
CVE-2016-6807
CVE-2016-6807
Description
Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.ambari:ambariMaven | >= 2.4.0, < 2.4.2 | 2.4.2 |
Affected products
1- Apache Software Foundation/Apache Ambariv5Range: 2.4.x before 2.4.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- www.securityfocus.com/bid/97184nvdThird Party AdvisoryVDB Entry
- cwiki.apache.org/confluence/display/AMBARI/Ambari+VulnerabilitiesnvdRelease NotesVendor AdvisoryWEB
- github.com/advisories/GHSA-j76q-99x2-v7vqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-6807ghsaADVISORY
- web.archive.org/web/20200227181557/http://www.securityfocus.com/bid/97184ghsaWEB
News mentions
0No linked articles in our index yet.