1. Home
  2. CVE Database
  3. CVE-2015-1889
MEDIUM · 6.5

CVE-2015-1889

The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via (1) a crafted CREATE HADOOP TABLE stateme...

Vulnerability Description

The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via (1) a crafted CREATE HADOOP TABLE statement referencing the data of an arbitrary user or (2) an import of a certain Hive table definition with the HCAT_SYNC_OBJECTS procedure.

CVSS Score

6.5

MEDIUM

AV:N/AC:L/Au:S/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
IbmInfosphere Biginsights3.0.0.0

Related Weaknesses (CWE)

CWE-89

References

FAQ

What is CVE-2015-1889?

CVE-2015-1889 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via (1) a crafted CREATE HADOOP TABLE stateme...

How severe is CVE-2015-1889?

CVE-2015-1889 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-1889?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Infosphere Biginsights.