CVE-2015-1836

Severity
7.3 HIGH
EPSS
2.1%
top 15.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 21
Latest update: Oct 18

Description

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 3.9 | Impact: 3.4

Affected Packages (3 packages)

Maven | org.apache.hbase:hbase | 0.98 | 0.98.12.1 | +2
NVD | apache/hbase | 15 versions | +14
NVD | ibm/infosphere_biginsights | 3.0.0.0, 3.0.0.1, 3.0.0.2 | +2

🔴 Vulnerability Details

3
GHSA
High severity vulnerability that affects org.apache.hbase:hbase (2018-10-18)
OSV
High severity vulnerability that affects org.apache.hbase:hbase (2018-10-18)
CVEList
CVE-2015-1836: Apache HBase 0 (2015-12-21)

📋 Vendor Advisories

1
Red Hat
HBase: insecure ACLs in ZooKeeper (2015-05-25)

💬 Community

2
Bugzilla
CVE-2015-1836 Apache HBase: insecure ACLs in ZooKeeper (2015-12-23)
Bugzilla
CVE-2015-1836 Apache HBase: insecure ACLs in ZooKeeper [fedora-all] (2015-12-23)