CVE-2015-1836

7.3HIGH

Key Information:

Vendor
IBM
Status
Infosphere Biginsights
Vendor
CVE Published:
21 December 2015

Summary

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.

References

http://mail-archives.apache.org/mod_mbox/www-announce/201...
mailing-listx_refsource_MLIST
http://www-01.ibm.com/support/docview.wss?uid=swg21969546
x_refsource_CONFIRM
https://www.cloudera.com/documentation/other/security-bul...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.