CVE-2015-1772 org.apache.hive:hive

Package

Manager: maven
Name: org.apache.hive:hive
Vulnerable Version: =1.0.0 || >=1.0.0 <1.0.1 || =1.1.0 || >=1.1.0 <1.1.1

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00163 (percentile: 0.37758)

Details

Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service

The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request.

Metadata

Created: 2019-03-14T15:40:44Z
Modified: 2022-09-17T01:07:49Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/03/GHSA-5gvm-hrw5-h6xf/GHSA-5gvm-hrw5-h6xf.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-5gvm-hrw5-h6xf
Finding: F039
Auto approve: 1