← Back

CVE-2015-1836

nvd nist
Published: Dec 21, 2015Modified: May 6, 2026

JSON object

Loading...
7.3
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 3.9 / Impact: 3.4
Source: NVD

Description

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.

Affected (18)

Ibm
1 product
Infosphere Biginsights
Apache
1 product
Hbase
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Infosphere Biginsights
Version 3.0.0.0
Infosphere Biginsights
Version 3.0.0.1
Infosphere Biginsights
Version 3.0.0.2
Configuration B
15 vulnerable
Vulnerable SoftwareAffected Versions
Apache
Hbase
Version 0.98.0
Hbase
Version 0.98.10.1
Hbase
Version 0.98.10
Hbase
Version 0.98.11
Hbase
Version 0.98.12
Hbase
Version 0.98.1
Hbase
Version 0.98.2
Hbase
Version 0.98.3
Hbase
Version 0.98.4
Hbase
Version 0.98.5
Hbase
Version 0.98.6.1
Hbase
Version 0.98.6
Hbase
Version 0.98.7
Hbase
Version 0.98.8
Hbase
Version 0.98.9

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (8)

Source: secalert@redhat.com
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.