Vulnerabilities > IBM > Infosphere Biginsights > 3.0.0.0

DATE CVE VULNERABILITY TITLE RISK
2016-01-02 CVE-2015-5020 Permissions, Privileges, and Access Controls vulnerability in IBM Infosphere Biginsights
The Big SQL component in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0 allows remote authenticated users to bypass intended access restrictions and truncate arbitrary tables via unspecified vectors.
network
low complexity
ibm CWE-264
4.0
4.0
2015-12-31 CVE-2015-1947 Local Privilege Escalation vulnerability in IBM Infosphere BigInsights
Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is loaded by a setuid or setgid program.
local
ibm
6.9
6.9
2015-12-21 CVE-2015-1836 Improper Access Control vulnerability in multiple products
Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.
network
low complexity
ibm apache CWE-284
7.3
7.3
2015-12-21 CVE-2015-1772 Improper Authentication vulnerability in multiple products
The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request.
network
low complexity
ibm apache CWE-287
7.3
7.3
2015-04-22 CVE-2015-1889 SQL Injection vulnerability in IBM Infosphere Biginsights 3.0.0.0/3.0.0.1/3.0.0.2
The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via (1) a crafted CREATE HADOOP TABLE statement referencing the data of an arbitrary user or (2) an import of a certain Hive table definition with the HCAT_SYNC_OBJECTS procedure.
network
low complexity
ibm CWE-89
6.5
6.5
2015-02-13 CVE-2014-4781 Information Exposure vulnerability in IBM Infosphere Biginsights 2.1.2.0/3.0.0.0/3.0.0.1
The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 3.0.0.2 allows remote attackers to obtain sensitive Alert management-services API information via a network-tracing attack.
network
low complexity
ibm CWE-200
5.0
5.0