Information disclosure in Apache Ambari

CVE-2015-4928

Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, includes cleartext passwords on a Configs screen, which allows physically proximate attackers to obtain sensitive information by reading password fields.

Vulnerability class: Information Disclosure

EPSS: 0.028 (84.7th percentile) — read the EPSS interpretation.

Affected products

Apache Ambari
Ibm Infosphere_biginsights — versions 4.0.0.0, 4.0.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

psirt@us.ibm.com (vdb-entry, x_refsource_SECTRACK)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)