Is CVE-2019-0212 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 4%.

What products does CVE-2019-0212 affect?

Tracked products affected include Apache HBase. Check the version you run to see whether it is affected.

How do I fix CVE-2019-0212?

Apply the vendor fix promptly. Upgrade affected products to a fixed version.

CVE-2019-0212

Q: What is CVE-2019-0212?

CVE-2019-0212 is a high-severity software vulnerability with a CVSS score of 7.5. In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1.0-2.1.3), authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST

HIGH severity · CVSS 7.5

7.5CVSS HIGH

Summary

In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1.0-2.1.3), authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. This issue is only relevant when HBase is configured with Kerberos authentication, HBase authorization is enabled, and the REST server is configured with SPNEGO authentication. This issue does not extend beyond the HBase REST server.

Impact & exploitability

Attack vectorNetwork

Attack complexityHigh

Privileges requiredLow

User interactionNone

Confidentiality impactHigh

Integrity impactHigh

Availability impactHigh

Exploit probability (EPSS)4%

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products we track (1)

Apache HBase

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

CVE-2019-0212

Summary

Impact & exploitability

Affected products we track (1)

Recommendation

Additional information