CyberSec.Space Logo
CVEブラウザに戻る

CVE-2015-1889

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.0570%
EPSS Percentile41.39th
Published2015年4月22日
Last Modified2026年5月6日

Vulnerability Description

The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via (1) a crafted CREATE HADOOP TABLE statement referencing the data of an arbitrary user or (2) an import of a certain Hive table definition with the HCAT_SYNC_OBJECTS procedure.

Affected Platforms (CPE)

📦
Ibm

Infosphere Biginsights

= 3.0.0.0
📦
Ibm

Infosphere Biginsights

= 3.0.0.1
📦
Ibm

Infosphere Biginsights

= 3.0.0.2

References & Advisories

🔗 http://www-01.ibm.com/support/docview.wss?uid=swg21700654
🔗 http://www.securitytracker.com/id/1032150
🔗 http://www-01.ibm.com/support/docview.wss?uid=swg21700654
🔗 http://www.securitytracker.com/id/1032150

関連する脆弱性情報

CVE-2015-19477.4

Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, all...

CVE-2015-18367.3

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1...

CVE-2015-17727.3

The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3...

CVE-2014-47826.5

IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to discover SMTP server credentials via vectors related to the ...