Overview
- Description
- The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request.
- Source
- secalert@redhat.com
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.3
- Impact score
- 3.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-287
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:infosphere_biginsights:3.0.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "31342AF9-D73E-4B72-A98D-00E33A7088C1"
},
{
"criteria": "cpe:2.3:a:ibm:infosphere_biginsights:3.0.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6771B5C2-7291-4A8F-A558-679768838EAE"
},
{
"criteria": "cpe:2.3:a:ibm:infosphere_biginsights:3.0.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1875306C-CF9A-423D-9786-B880A5EAD2DB"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:hive:1.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9EFCB996-0ED9-4FFC-BB76-8742306D47B9"
},
{
"criteria": "cpe:2.3:a:apache:hive:1.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0139B115-DD15-4C84-ACA9-1F0426496288"
}
],
"operator": "OR"
}
]
}
]