CVE-2015-1836

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.

Published: Dec 21, 2015
Updated: Nov 9, 2025
CVE: CVE-2015-1836
GHSA: GHSA-p8xr-4v2c-rvgp
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-284

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
ibm / infosphere_biginsights	3.0.0.2	3.0.0.2.x
ibm / infosphere_biginsights	3.0.0.0	3.0.0.0.x
ibm / infosphere_biginsights	3.0.0.1	3.0.0.1.x
apache / hbase	0.98.1	0.98.1.x
apache / hbase	0.98.9	0.98.9.x
apache / hbase	0.98.2	0.98.2.x
apache / hbase	0.98.4	0.98.4.x
apache / hbase	0.98.11	0.98.11.x
apache / hbase	0.98.3	0.98.3.x
apache / hbase	0.98.8	0.98.8.x
apache / hbase	0.98.10	0.98.10.x
apache / hbase	0.98.7	0.98.7.x
apache / hbase	0.98.6.1	0.98.6.1.x
apache / hbase	0.98.5	0.98.5.x
apache / hbase	0.98.12	0.98.12.x
apache / hbase	0.98.10.1	0.98.10.1.x
apache / hbase	0.98.6	0.98.6.x
apache / hbase	0.98.0	0.98.0.x
org.apache.hbase / hbase	0.98	0.98.12.1
org.apache.hbase / hbase	1.0.0	1.0.1.1
org.apache.hbase / hbase	1.1.0	1.1.0.x
org.apache.hbase / hbase	1.1.0	1.1.0.1

Vulnerability Database

300,445

CVE-2015-1836

Deep Security Visibility Without the Complexity