EUVD-2022-6416

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Apache Hive before 3.1.3 allows unauthorized operations on user-defined functions via insufficient authorization checks

Reporter	Title	Published	Views	Family All 15
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Hive (CVE-2021-34538)	17 May 202322:03	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Operations Analytics Predictive Insights.	27 Mar 202415:37	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Spark affecting IBM QRadar User Behavior Analytics	18 Oct 202213:20	–	ibm
CNNVD	Apache Hive 访问控制错误漏洞	16 Jul 202200:00	–	cnnvd
CNVD	Apache Hive Authorization Issues Vulnerability	19 Jul 202200:00	–	cnvd
CVE	CVE-2021-34538	16 Jul 202207:10	–	cve
Cvelist	CVE-2021-34538 Apache Hive Security vulnerability in Hive with UDFs	16 Jul 202207:10	–	cvelist
Github Security Blog	Apache Hive before 3.1.3 `CREATE` and `DROP` function operations do not check for necessary authorization.	17 Jul 202200:00	–	github
NVD	CVE-2021-34538	16 Jul 202207:15	–	nvd
Oracle	Oracle Critical Patch Update Advisory - July 2023	18 Jul 202300:00	–	oracle

[
  {
    "enisaIdVendor": [
      {
        "id": "c7fd1b9f-7535-35a0-bb1c-055f45370389",
        "vendor": {
          "name": "Apache Software Foundation"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "5a178cc3-bc7f-3f17-a336-dd4277052c62",
        "product": {
          "name": "Apache Hive"
        },
        "product_version": "Apache Hive <3.1.3"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-34538
github	www.github.com/apache/hive
lists	www.lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354

03 Oct 2025 20:07Current

7.7High risk

Vulners AI Score7.7

CVSS 3.17.5

EPSS0.00451