8 matches found
Security Bulletin: Common Vulnerabilities in Cloudera Data Platform Private Cloud Base 7.1.9.
Summary Common vulnerabilities reported in Cloudera Data Platform Private Cloud Base 7.1.9 have been addressed, and are available in Hotfix 2. Vulnerability Details CVEID:CVE-2015-1772 DESCRIPTION: Apache Hive could allow a remote attacker to bypass security restrictions, caused by an error in th...
Security Bulletin: Infosphere BigInsights is affected by vulnerabilities in Apache HBase and Hive that could allow a remote attacker to gain unauthorized access to the system or authenticate with improper credentials (CVE-2015-1772, CVE-2015-1836).
Summary Infosphere BigInsights is affected by vulnerabilities in Apache HBase and Hive that could allow a remote attacker to gain unauthorized access to the system or authenticate with improper credentials CVE-2015-1772 , CVE-2015-1836. Vulnerability Details CVEID: CVE-2015-1772 DESCRIPTION: Apac...
com.huemulsolutions.bigdata:huemul-bigdatagovernance (>=1.1 <=2.1), com.thinkbiganalytics.kylo:kylo-kerberos-test-client (=0.10.0) +3 more potentially affected by CVE-2015-1772 via org.apache.hive:hive-service (=1.1.0)
org.apache.hive:hive-service MAVEN version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-service and may be impacted: - com.huemulsolutions.bigdata:huemul-bigdatagovernance =1.1, =2.1 -...
ai.h2o:h2o-orc-parser (>=3.18.0.9 <=3.46.0.11), com.linkedin.tony:tony-cli (>=0.1.5 <=0.3.3) +3 more potentially affected by CVE-2015-1772 via org.apache.hive:hive-exec (=1.1.0)
org.apache.hive:hive-exec MAVEN version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-exec and may be impacted: - ai.h2o:h2o-orc-parser =3.18.0.9, =0.1.5, =0.1.5, =0.11.0, =0.11.1 Source cves: CVE-2015-1772 Source advisory...
org.apache.hive:hive-beeline (=1.0.0), org.apache.hive:hive-jdbc (=1.0.0) potentially affected by CVE-2015-1772 via org.apache.hive:hive-service (=1.0.0)
org.apache.hive:hive-service MAVEN version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-service and may be impacted: - org.apache.hive:hive-beeline =1.0.0 - org.apache.hive:hive-jdbc =1.0.0 Source cves: CVE-2015-1772 Sour...
CVE-2015-1772
The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authenticatio...
CVE-2015-1772
CVE-2015-1772 affects HiveServer2 LDAP authentication in Apache Hive (used in IBM InfoSphere BigInsights and similar products). The issue arises when LDAP authentication is configured with simple unauthenticated or anonymous binds, letting remote attackers bypass authentication via crafted LDAP r...
CVE-2015-1772
The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authenticatio...