Information disclosure in Apache Ambari

CVE-2015-4940

Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information by reading this file.

Vulnerability class: Information Disclosure

EPSS: 0.007 (46.8th percentile) — read the EPSS interpretation.

Affected products

Apache Ambari
Ibm Infosphere_biginsights — versions 4.0.0.0, 4.0.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

psirt@us.ibm.com (vdb-entry, x_refsource_SECTRACK)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)