CVE-2015-4928

Published: Nov 8, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, includes cleartext passwords on a Configs screen, which allows physically proximate attackers to obtain sensitive information by reading password fields.

Affected (1)

Products: Apache: Ambari

Apache

1 product

Ambari

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Apache Ambari	Up to 2.0.2

Running on/with	Platform Versions
Ibm Infosphere Biginsights	Version 4.0.0.0
Ibm Infosphere Biginsights	Version 4.0.0.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21969202

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securitytracker.com/id/1034102

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21969202

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1034102

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.