CVE-2015-1772
Description
The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request.
Risk Information
Base Score
7.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score
Exploitation Probability
0.163
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2015-1772 are fixed in Apache-hive-exec 1.0.1 | Windows |
| Vulnerabilities CVE-2015-1772 are fixed in Apache-hive-exec 1.1.1 | Windows |
| Vulnerabilities CVE-2015-1772 are fixed in Apache-hive 1.0.1 | Windows |
| Vulnerabilities CVE-2015-1772 are fixed in Apache-hive 1.1.1 | Windows |
| Vulnerabilities CVE-2015-1772 are fixed in Apache-hive-service 1.0.1 | Windows |
| Vulnerabilities CVE-2015-1772 are fixed in Apache-hive-service 1.1.1 | Windows |
| Vulnerabilities CVE-2015-1772 are fixed in Apache-hive-exec for Linux 1.0.1 | Linux |
| Vulnerabilities CVE-2015-1772 are fixed in Apache-hive-exec for Linux 1.1.1 | Linux |
| Vulnerabilities CVE-2015-1772 are fixed in Apache-hive for Linux 1.0.1 | Linux |
| Vulnerabilities CVE-2015-1772 are fixed in Apache-hive for Linux 1.1.1 | Linux |
| Vulnerabilities CVE-2015-1772 are fixed in Apache-hive-service for Linux 1.0.1 | Linux |
| Vulnerabilities CVE-2015-1772 are fixed in Apache-hive-service for Linux 1.1.1 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234