A security vulnerability has been identified in Open Source Zookeeper that affects IBM BigInsights (IBM Open Platform with Apache Hadoop).
CVEID: CVE-2017-1213
DESCRIPTION: IBM BigInsights Zookeeper, when accessed behind a firewall where Jetty AdminServer is not available, could allow an authenticated user to cause a denial of service.
CVSS Base Score: 3.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123853 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)
Principal Product and Version(s) | Affected Supporting Product and Version
---|---
IBM BigInsights 4.1, 4.2, 4.2.5 | IBM Open Platform 4.1, 4.2, 4.2.5
Follow the instructions for applying a service patch on an IOP cluster:
<https://developer.ibm.com/hadoop/2015/12/17/iop-patch-management/>
The specific patches for each Red Hat version and IOP level are listed below:
IOP patches for RHEL 6:
IOP 4.1 <https://ibm-open-platform.ibm.com/repos/IOP/rhel/6/x86_64/4.1.x/Updates/4.1.0.0_20170915/>
IOP 4.2 <https://ibm-open-platform.ibm.com/repos/IOP/rhel/6/x86_64/4.2.x/Updates/4.2.0.0_20170915/>
IOP 4.2.5 <https://ibm-open-platform.ibm.com/repos/IOP/rhel/6/x86_64/4.2.x/Updates/4.2.5.0_20170918/>
IOP patches for RHEL 7:
IOP 4.1 <http://ibm-open-platform.ibm.com/repos/IOP/rhel/7/x86_64/4.1.x/Updates/4.1.0.0_20170926/>
IOP 4.2 <http://ibm-open-platform.ibm.com/repos/IOP/rhel/7/x86_64/4.2.x/Updates/4.2.0.0_20170926/>
IOP 4.2.5 <http://ibm-open-platform.ibm.com/repos/IOP/rhel/7/x86_64/4.2.x/Updates/4.2.5.0_20170926/>
CPE

Name | Operator | Version
---|---|---
ibm db2 big sql | eq | 4.1.0
ibm db2 big sql | eq | 4.2.0
ibm db2 big sql | eq | 4.2.5