Main Vulnerability Database Vulnerabilities #VU40614

Permissions, Privileges, and Access Controls in Ambari - CVE-2015-3270

Published: November 2, 2015 / Updated: February 8, 2021

Vulnerability identifier: #VU40614

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-3270

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Apache Foundation

Affected software:
Ambari

Detailed vulnerability description

The vulnerability allows a remote user to escalate privileges within the application.

Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords.

How to mitigate CVE-2015-3270

Install update from vendor's website.

Sources

http://www.openwall.com/lists/oss-security/2015/10/13/3
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities

Permissions, Privileges, and Access Controls in Ambari - CVE-2015-3270

Detailed vulnerability description

How to mitigate CVE-2015-3270

Sources

Please verify you're human