Apache Ambari — Vulnerabilities & Security Advisories 16

All 16 CVE vulnerabilities found in Apache Ambari, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Paused
CVE-2024-51941	Apache Ambari: Remote Code Injection in Ambari Metrics and AMS Alerts CWE-94	8.8	-	2025-01-21
CVE-2025-23196	Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition CWE-77	8.8	-	2025-01-21
CVE-2025-23195	Apache Ambari: XML External Entity (XXE) Vulnerability in Ambari/Oozie CWE-611	7.5	-	2025-01-21
CVE-2023-50378	Apache Ambari: Various XSS problems CWE-79	6.1	-	2024-03-01
CVE-2023-50380	Apache Ambari: authenticated users could perform XXE to read arbitrary files on the server CWE-611	8.1	-	2024-02-27
CVE-2023-50379	Apache Ambari: authenticated users could perform command injection to perform RCE CWE-94	9.9	-	2024-02-27
CVE-2022-45855	Apache Ambari: Allows authenticated metrics consumers to perform RCE CWE-917	8.0	High	2023-07-12
CVE-2022-42009	Apache Ambari: A malicious authenticated user can remotely execute arbitrary code in the context of the application. CWE-917	8.0	High	2023-07-12
CVE-2020-13924	Apache Ambari 路径遍历漏洞	7.5	-	2021-03-17
CVE-2020-1936	Stored XSS in Apache Ambari CWE-79	6.1	-	2021-03-02
CVE-2018-8042	Apache Ambari 信息泄露漏洞	8.1	-	2018-07-18
CVE-2018-8003	Apache Ambari 路径遍历漏洞	3.7	-	2018-05-03
CVE-2017-5655	Apache Ambari 安全漏洞	7.5	-	2017-05-15
CVE-2017-5654	Apache Ambari 安全漏洞	7.5	-	2017-05-12
CVE-2017-5642	Apache Ambari 安全漏洞	9.8	-	2017-04-03
CVE-2016-6807	Apache Ambari Agent 安全漏洞	9.8	-	2017-03-28

All 16 known CVE vulnerabilities affecting Apache Ambari with full Chinese analysis, references, and POCs where available.