Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-1836

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.

Published

2015-12-21T11:59:01.140

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.3 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-284
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application ibm infosphere_biginsights 3.0.0.0 Yes
Application ibm infosphere_biginsights 3.0.0.1 Yes
Application ibm infosphere_biginsights 3.0.0.2 Yes
Application apache hbase 0.98.0 Yes
Application apache hbase 0.98.1 Yes
Application apache hbase 0.98.2 Yes
Application apache hbase 0.98.3 Yes
Application apache hbase 0.98.4 Yes
Application apache hbase 0.98.5 Yes
Application apache hbase 0.98.6 Yes
Application apache hbase 0.98.6.1 Yes
Application apache hbase 0.98.7 Yes
Application apache hbase 0.98.8 Yes
Application apache hbase 0.98.9 Yes
Application apache hbase 0.98.10 Yes
Application apache hbase 0.98.10.1 Yes
Application apache hbase 0.98.11 Yes
Application apache hbase 0.98.12 Yes
References