
CVE-2015-5020
https://notcve.org/view.php?id=CVE-2015-5020
02 Jan 2016 — The Big SQL component in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0 allows remote authenticated users to bypass intended access restrictions and truncate arbitrary tables via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg21967923 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2015-1947
https://notcve.org/view.php?id=CVE-2015-1947
31 Dec 2015 — Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is loaded by a setuid or setgid program. • http://www-01.ibm.com/support/docview.wss?uid=swg21967131

CVE-2015-1772
https://notcve.org/view.php?id=CVE-2015-1772
21 Dec 2015 — The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request. • http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCAOpgucy52yzNN1FaRcxwhZmx8ZtNRjmK6V0Bxk4svAD-R1q70Q%40mail.gmail.com%3E • CWE-287: Improper Authentication

CVE-2015-1836
https://notcve.org/view.php?id=CVE-2015-1836
21 Dec 2015 — Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic. • http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCA+RK=_CFiTfQ2d0V+kuJx_y5izmYccaKjXaJ3V72KK7tbOhbkg%40mail.gmail.com%3E • CWE-284: Improper Access Control

CVE-2015-1889
https://notcve.org/view.php?id=CVE-2015-1889
22 Apr 2015 — The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via (1) a crafted CREATE HADOOP TABLE statement referencing the data of an arbitrary user or (2) an import of a certain Hive table definition with the HCAT_SYNC_OBJECTS procedure. • http://www-01.ibm.com/support/docview.wss?uid=swg21700654 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2014-4781
https://notcve.org/view.php?id=CVE-2014-4781
13 Feb 2015 — The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 3.0.0.2 allows remote attackers to obtain sensitive Alert management-services API information via a network-tracing attack. • http://www-01.ibm.com/support/docview.wss?uid=swg21693053 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor