CVE Daily
← All tags

Tag: Apache HBase

All CVEs associated with "Apache HBase". Page 1/1 • 4 CVEs.

About “Apache HBase”

A curated feed of “Apache HBase”-related CVEs appears below. We currently track 4 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 6.8 (all time), and 75% are rated High/Critical (all time). Top CWEs (all time): CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), CWE-284 - Improper Access Control, CWE-287 - Improper Authentication.

In our taxonomy this topic maps to a LOW impact class. Databases, proxies, and web servers often need coordinated restarts and config checks. Patch only modules you deploy, verify TLS and authentication, and tune limits. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: hbase

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestEOLLTS
2.62.6.5-
2.52.5.14-
1.71.7.2 Expired
2.42.4.18 Expired
2.32.3.7 Expired
2.22.2.7 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “Apache HBase”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2019-03-28
High

CVE-2019-0212

In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1.0-2.1.3), authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were e…

CVSS: 7.5 CWE: N/A View on NVD
2018-06-27
High

CVE-2018-8025

CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being inc…

CVSS: 8.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2015-12-21
High

CVE-2015-1836

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper c…

CVSS: 7.3 CWE: CWE-284 - Improper Access Control View on NVD
2014-05-29
Medium

CVE-2013-2193

Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive inf…

CVSS: 4.3 CWE: CWE-287 - Improper Authentication View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox