Guests gain XSSive privileges in IBM's Hadoopery
IBM has patched twin cross-site scripting (XSS) vulnerabilities in its Hadoop-probing InfoSphere BigInsights platform. The patches released last week shutter the bugs (CVE-2016-2924, CVE-2016-2992) that could compromise users of the big data analytics software. Fortinet researcher Honggang Ren quietly reported the flaws to Big Blue last year and offered proof-of-concepts showing how to reproduce the vulnerabilities on unpatched BigInsights installations. The bugs allow guest users to own administrators,...