CVE-2024-51941

moderate-risk

Published 2025-01-21

A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An attacker with authenticated access can exploit this vulnerability to execute arbitrary commands on the server. The issue has been fixed in the latest versions of Ambari.

Do I need to act?

0.85% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (1)

Ambari

Affected Vendors

Apache

References (2)

Vendor Advisory https://lists.apache.org/thread/xq50nlff7o7z1kq3y637clzzl6mjhl8j

Mailing List http://www.openwall.com/lists/oss-security/2025/01/21/9

/ 100

moderate-risk

Severity 30/34 · Critical

Exploitability 3/34 · Minimal

Exposure 5/34 · Minimal