CyberSec.Space Logo
Back to CVE Browser

CVE-2015-1836

HIGH
7.3
CVSS Severity Score
EPSS Score0.1130%
EPSS Percentile12.98th
PublishedDec 21, 2015
Last ModifiedMay 6, 2026

Vulnerability Description

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.

Affected Platforms (CPE)

πŸ“¦
Ibm

Infosphere Biginsights

= 3.0.0.0
πŸ“¦
Ibm

Infosphere Biginsights

= 3.0.0.1
πŸ“¦
Ibm

Infosphere Biginsights

= 3.0.0.2
πŸ“¦
Apache

Hbase

= 0.98.0
πŸ“¦
Apache

Hbase

= 0.98.1
πŸ“¦
Apache

Hbase

= 0.98.2
πŸ“¦
Apache

Hbase

= 0.98.3
πŸ“¦
Apache

Hbase

= 0.98.4
πŸ“¦
Apache

Hbase

= 0.98.5
πŸ“¦
Apache

Hbase

= 0.98.6
πŸ“¦
Apache

Hbase

= 0.98.6.1
πŸ“¦
Apache

Hbase

= 0.98.7
πŸ“¦
Apache

Hbase

= 0.98.8
πŸ“¦
Apache

Hbase

= 0.98.9
πŸ“¦
Apache

Hbase

= 0.98.10
πŸ“¦
Apache

Hbase

= 0.98.10.1
πŸ“¦
Apache

Hbase

= 0.98.11
πŸ“¦
Apache

Hbase

= 0.98.12

References & Advisories

πŸ”— http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCA+RK=_CFiTfQ2d0V+kuJx_y5izmYccaKjXaJ3V72KK7tbOhbkg%40mail.gmail.com%3E
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg21969546
πŸ”— http://www.securitytracker.com/id/1034365
πŸ”— https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
πŸ”— http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCA+RK=_CFiTfQ2d0V+kuJx_y5izmYccaKjXaJ3V72KK7tbOhbkg%40mail.gmail.com%3E
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg21969546
πŸ”— http://www.securitytracker.com/id/1034365
πŸ”— https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html

Related Vulnerabilities

CVE-2015-19477.4

Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, all...

CVE-2015-17727.3

The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3...

CVE-2014-47826.5

IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to discover SMTP server credentials via vectors related to the ...

CVE-2013-39936.5

IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or...