Executive Summary

Informations
Name CVE-2024-51941 First vendor Publication 2025-01-21
Vendor Cve Last vendor Modification 2025-06-09

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script
execution path. An attacker with authenticated access can exploit this vulnerability to execute arbitrary commands on the server. The issue has
been fixed in the latest versions of Ambari.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51941

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-77 Improper Sanitization of Special Elements used in a Command ('Command Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 29

Sources (Detail)

http://www.openwall.com/lists/oss-security/2025/01/21/9
https://lists.apache.org/thread/xq50nlff7o7z1kq3y637clzzl6mjhl8j
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2025-06-10 00:20:50
  • Multiple Updates
2025-01-22 21:20:28
  • Multiple Updates
2025-01-22 05:20:28
  • Multiple Updates
2025-01-22 00:20:27
  • First insertion