What is CVE-2014-3582?

CVE-2014-3582 is a critical-severity vulnerability in Apache Ambari, classified under Code Injection. CVSS score: 9.8/10. Published 2017-03-29.

How severe is CVE-2014-3582?

Critical severity. CVSS v3 base score is 9.8 out of 10.

RCE in Apache Ambari

CVE-2014-3582

In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.016 (72.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Apache Ambari
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory, Issue Tracking)

Frequently asked questions

What is CVE-2014-3582?: CVE-2014-3582 is a critical-severity vulnerability in Apache Ambari, classified under Code Injection. CVSS score: 9.8/10. Published 2017-03-29.
How severe is CVE-2014-3582?: Critical severity. CVSS v3 base score is 9.8 out of 10.