CVE-2016-4976
medium
CVSS v3
5.5
CVSS v2
2.1
VIR risk
5.5
Description
Apache Ambari reveals administrator passwords
Predictions
Exploit likelihood
55%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.ambari:ambari | >=2.0.0,<2.4.0 | 2.4.0 |
References
- http://www.securityfocus.com/bid/97229
- https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.0
- https://nvd.nist.gov/vuln/detail/CVE-2016-4976
- https://github.com/apache/ambari
- https://web.archive.org/web/20210124014838/http://www.securityfocus.com/bid/97229
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.