PT-2015-3343 · Apache · Apache Storm

Published: 2015-06-22 · Updated: 2022-05-14 · CVE-2015-3188

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Apache Storm version 0.10.0

Description: The UI daemon in Apache Storm has insufficient access controls, which allows remote attackers to execute arbitrary code. When Kerberos authentication is in use, this could also allow impersonation of arbitrary users on other systems, including HDFS and HBase.

Recommendations: For Apache Storm version 0.10.0, update to a version after 0.10.0-beta1 to resolve the issue. As a temporary workaround, restrict access to the UI daemon to minimize the risk of exploitation.


Weakness Enumeration

Related Identifiers

BDU:2017-02543
CVE-2015-3188
GHSA-CG5H-Q983-4RWW

Affected Products

Apache Storm