CVE-2015-1889

Name of the Vulnerable Software and Affected Versions IBM InfoSphere BigInsights versions 3.0 through 3.0.0.2

Description The issue allows remote authenticated users to bypass intended HDFS data-access restrictions. This can be achieved via a crafted CREATE HADOOP TABLE statement referencing the data of an arbitrary user or an import of a certain Hive table definition with the HCAT SYNC OBJECTS procedure.

Recommendations For IBM InfoSphere BigInsights versions 3.0 through 3.0.0.2, consider restricting access to the HDFS data and limiting the ability to create HADOOP TABLE statements or import Hive table definitions until a fix is available. As a temporary workaround, restrict the use of the HCAT SYNC OBJECTS procedure to minimize the risk of exploitation.