7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Apache Hive is a Hadoop (Distributed Systems Infrastructure) based data warehouse software from the Apache Foundation. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. versions prior to Apache Hive 3.1.3 have an authorization issue vulnerability that stems from the fact that Hive’s CREATE and DRO functions do not check for authorization and can be exploited by an unauthorized attacker to delete and recreate UDFs.
CPE | Name | Operator | Version |
---|---|---|---|
apache apache hive | lt | 3.1.3 |