IBM666B2876E9F7C46B52F9E42E6D09312CB3CDEBC844FCC989F4E454FA737BB8FDSecurity Bulletin: IBM InfoSphere BigInsights affected by multiple vulnerabilities in alert module (CVE-2014-4781, CVE-2014-4782)
0.002 Low
EPSS
Percentile
54.9%
Summary
Security vulnerabilities have been identified in the alert module of InfoSphere BigInsights that could allow an attacker to obtain information from the Alert management services.
Vulnerability Details
CVE-ID: CVE-2014-4781
DESCRIPTION:
IBM InfoSphere BigInsights could allow an attacker to obtain information from the Alert management services API by enabling tracing on the network.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95028> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
AFFECTED VERSIONS:
IBM InfoSphere BigInsights version 2.1.2, 3.0 and 3.0.0.1
CVE-ID:CVE-2014-4782 **
DESCRIPTION**:
IBM InfoSphere BigInsights could allow an attacker to obtain SMTP server credentials in the clear text from the Alert management service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95029 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N )
**
AFFECTED VERSIONS: **
IBM InfoSphere BigInsights version 2.1.2
Remediation/Fixes
For version 3.0, and 3.0.0.1: Upgrade to the fix pack version InfoSphere BigInsights 3.0.0.2.
For version 2.1.2: Upgrade to the fix version InfoSphere BigInsights 2.1.2 PSIRT
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm db2 big sql | eq | 2.1.2 | |
| ibm db2 big sql | eq | 3.0 |
Related
0.002 Low
EPSS
Percentile
54.9%