CVE-2015-1836

Опубликовано: 21 дек. 2015

Источник: nvd

CVSS3: 7.3

CVSS2: 7.5

EPSS Низкий

Описание

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:infosphere_biginsights:3.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:infosphere_biginsights:3.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:infosphere_biginsights:3.0.0.2:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:apache:hbase:0.98.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:hbase:0.98.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:hbase:0.98.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:hbase:0.98.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:hbase:0.98.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:hbase:0.98.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:hbase:0.98.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:hbase:0.98.6.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:hbase:0.98.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:hbase:0.98.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:hbase:0.98.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:hbase:0.98.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:hbase:0.98.10.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:hbase:0.98.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:hbase:0.98.12:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02143

Низкий

7.3 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-284

Связанные уязвимости

CVE-2015-1836

redhat

больше 10 лет назад

GHSA-p8xr-4v2c-rvgp