VYPR
Critical severity9.8NVD Advisory· Published Mar 28, 2017· Updated Jun 17, 2026

CVE-2016-6807

CVE-2016-6807

Description

Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.ambari:ambariMaven
>= 2.4.0, < 2.4.22.4.2

Affected products

4
  • Apache/Ambari2 versions
    cpe:2.3:a:apache:ambari:2.4.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:apache:ambari:2.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:ambari:2.4.1:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 2.4.0, < 2.4.2
  • Apache Software Foundation/Apache Ambariv5
    Range: 2.4.x before 2.4.2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.