Security vulnerabilities have been identified in the alert module of InfoSphere BigInsights that could allow an attacker to obtain information from the Alert management services.
CVE-ID: CVE-2014-4781
DESCRIPTION:
IBM InfoSphere BigInsights could allow an attacker to obtain information from the Alert management services API by enabling tracing on the network.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95028> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
AFFECTED VERSIONS:
IBM InfoSphere BigInsights version 2.1.2, 3.0 and 3.0.0.1
CVE-ID:CVE-2014-4782 **
DESCRIPTION**:
IBM InfoSphere BigInsights could allow an attacker to obtain SMTP server credentials in the clear text from the Alert management service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95029 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N )
**
AFFECTED VERSIONS: **
IBM InfoSphere BigInsights version 2.1.2
For version 3.0, and 3.0.0.1: Upgrade to the fix pack version InfoSphere BigInsights 3.0.0.2.
For version 2.1.2: Upgrade to the fix version InfoSphere BigInsights 2.1.2 PSIRT
CPE | Name | Operator | Version |
---|---|---|---|
ibm db2 big sql | eq | 2.1.2 | |
ibm db2 big sql | eq | 3.0 |