Cleartext Password Storage Vulnerability in IBM Infosphere BigInsights
CVE-2015-4940

Currently unrated

Key Information:

Vendor: Apache
Status: Ambari
Vendor: CVE Published:; 8 November 2015

What is CVE-2015-4940?

A security flaw in Apache Ambari prior to version 2.1, utilized in IBM Infosphere BigInsights 4.x before version 4.1, results in the storage of user passwords in cleartext format within a configuration file. This vulnerability permits local users to access sensitive information by simply reading the configuration file, thus exposing user credentials and potentially compromising system security.

References

http://www.securitytracker.com/id/1034102

vdb-entryx_refsource_SECTRACK

http://www-01.ibm.com/support/docview.wss?uid=swg21969202

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 8, 2015
Vulnerability Reserved
Jun 24, 2015