CyberSec.Space Logo
Back to CVE Browser

CVE-2015-1889

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.0570%
EPSS Percentile41.39th
PublishedApr 22, 2015
Last ModifiedMay 6, 2026

Vulnerability Description

The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via (1) a crafted CREATE HADOOP TABLE statement referencing the data of an arbitrary user or (2) an import of a certain Hive table definition with the HCAT_SYNC_OBJECTS procedure.

Affected Platforms (CPE)

πŸ“¦
Ibm

Infosphere Biginsights

= 3.0.0.0
πŸ“¦
Ibm

Infosphere Biginsights

= 3.0.0.1
πŸ“¦
Ibm

Infosphere Biginsights

= 3.0.0.2

References & Advisories

πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg21700654
πŸ”— http://www.securitytracker.com/id/1032150
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg21700654
πŸ”— http://www.securitytracker.com/id/1032150

Related Vulnerabilities

CVE-2015-19477.4

Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, all...

CVE-2015-18367.3

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1...

CVE-2015-17727.3

The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3...

CVE-2014-47826.5

IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to discover SMTP server credentials via vectors related to the ...