Cleartext Password Exposure in IBM Infosphere BigInsights via Apache Ambari
CVE-2015-4928

Currently unrated

Key Information:

Vendor: Apache
Status: Ambari
Vendor: CVE Published:; 8 November 2015

What is CVE-2015-4928?

The vulnerability exists in Apache Ambari prior to version 2.1, utilized within IBM Infosphere BigInsights versions 4.x prior to 4.1. It enables physical attackers with close proximity to access sensitive information by reading exposed password fields on the Configs screen. This flaw potentially compromises data security, allowing unauthorized access to confidential credentials.

References

http://www.securitytracker.com/id/1034102

vdb-entryx_refsource_SECTRACK

http://www-01.ibm.com/support/docview.wss?uid=swg21969202

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 8, 2015
Vulnerability Reserved
Jun 24, 2015