CVE-2017-12625
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
16.0%
Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache:hive | apache hive | eq | 2.1.0 |
| apache:hive | apache hive | eq | 2.1.1 |
| apache:hive | apache hive | eq | 2.2.0 |
| apache:hive | apache hive | eq | 2.3.0 |
CNA Affected
[
{
"product": "Apache Hive",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "2.1.x before 2.1.2"
},
{
"status": "affected",
"version": "2.2.x before 2.2.1"
},
{
"status": "affected",
"version": "2.3.0"
}
]
}
]Related
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
16.0%