Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:31 p.m.12 views

CVE-2021-34538

Apache Hive before 3.1.3 "CREATE" and "DROP" function operations does not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged...

7.5CVSS6.6AI score0.01635EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/17 10:3 p.m.26 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Hive (CVE-2021-34538)

Summary A vulnerability in Apache Hive used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2021-34538 DESCRIPTION: Apache Hive could allow a remote attacker to bypass security restrictions, caused by improper authorization validation by the CREATE and DROP functio...

7.5CVSS7.3AI score0.01635EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2022/07/17 12:0 a.m.4 views

com.hindog.grid:grid-executor-examples_2.11 (>=1.1.0 <=2.0.1) potentially affected by CVE-2021-34538 via org.apache.hive:hive (=2.1.1)

org.apache.hive:hive MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive and may be impacted: - com.hindog.grid:grid-executor-examples2.11 =1.1.0, =2.0.1 Source cves: CVE-2021-34538 Source advisory:...

7.5CVSS7.1AI score0.01635EPSS
Exploits0
CVE
CVE
added 2022/07/16 7:10 a.m.106 views

CVE-2021-34538

CVE-2021-34538 affects Apache Hive (before 3.1.3). The vulnerability arises when performing CREATE and DROP operations for UDFs, as authorization checks for involved entities are missing. This could allow an unauthorized user to drop and recreate UDFs and point them to new jars that may be malici...

7.5CVSS7.3AI score0.01635EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder