CVE-2015-1836
HIGHIBM InfoSphere BigInsights 3.0-3.0.0.2 - Improper Access Control in ZooKeeper Coordination State
Title source: llmDescription
Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.
References (4)
Core 4
Core References
Various Sources mailing-list
x_refsource_mlist
http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCA+RK=_CFiTfQ2d0V+kuJx_y5izmYccaKjXaJ3V72KK7tbOhbkg%40mail.gmail.com%3E
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21969546
Various Sources x_refsource_confirm
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1034365
Scores
CVSS v3
7.3
EPSS
0.0214
EPSS Percentile
84.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-284
Status
published
Products (19)
apache/hbase
0.98.0
apache/hbase
0.98.1
apache/hbase
0.98.2
apache/hbase
0.98.3
apache/hbase
0.98.4
apache/hbase
0.98.5
apache/hbase
0.98.6
apache/hbase
0.98.6.1
apache/hbase
0.98.7
apache/hbase
0.98.8
... and 9 more
Published
Dec 21, 2015
Tracked Since
Feb 18, 2026