Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in the JDBC driver for Apache Hive

Summary Multiple vulnerabilities in the JDBC driver for Apache Hive that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2025-58163 DESCRIPTION: FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.185 and earlier...

EUVD-2018-0758

Malware in sbrugna...

EUVD-2024-1812

Malicious code in bioql PyPI...

CVE-2024-45199

insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code executi...

CVE-2024-45199

CVE-2024-45199 - summary from provided documents : The issue affects insightsoftware Hive JDBC driver up to version 2.6.13. A remote code execution vulnerability arises when attackers inject malicious parameters into the JDBC URL, triggering a JNDI injection during the connection process with the...

CVE-2024-45199

insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code executi...

CVE-2024-45199

insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code executi...

org.apache.hive.hcatalog:hive-webhcat (>=4.0.0-alpha-1 <=4.0.0-beta-1), org.apache.hive:hive-beeline (>=4.0.0-alpha-1 <=4.0.0-alpha-2) +2 more potentially affected by CVE-2023-35701 via org.apache.hive:hive-jdbc (>=4.0.0-alpha-1 <=4.0.0-beta-1)

org.apache.hive:hive-jdbc MAVEN version =4.0.0-alpha-1, =4.0.0-alpha-1, =4.0.0-alpha-1, =4.0.0-alpha-1, =4.0.0-beta-1 - org.apache.hop:hop-databases-hive =2.2.0 Source cves: CVE-2023-35701 Source advisory: OSV:GHSA-VPW3-3PRF-3974...

org.apache.hive:hive-beeline (=1.0.0), org.apache.hive:hive-jdbc (=1.0.0) potentially affected by CVE-2015-1772 via org.apache.hive:hive-service (=1.0.0)

org.apache.hive:hive-service MAVEN version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-service and may be impacted: - org.apache.hive:hive-beeline =1.0.0 - org.apache.hive:hive-jdbc =1.0.0 Source cves: CVE-2015-1772 Sour...

com.ge.research.semtk:arangoDbService (=2.2.2), com.ge.research.semtk:athenaService (=2.2.2) +129 more potentially affected by CVE-2018-1314 via org.apache.hive:hive-jdbc (>=0.11.0 <=2.3.2)

org.apache.hive:hive-jdbc MAVEN version =0.11.0, =2.2.1, =2.2.1, =2.2.1, =2.2.2 - com.ge.research.semtk:sparqlGraphResultsService =2.2.2 and more Source cves: CVE-2018-1314 Source advisory: OSV:GHSA-JMF4-PQ78-F8VJ...

com.mydataharbor:jdbc-hive-3.0.x-plugin (>=1.1.1 <=2.0.2), io.hetu.core:hetu-carbondata (>=1.0.1 <=1.9.0) +10 more potentially affected by CVE-2018-1314 via org.apache.hive:hive-jdbc (>=3.0.0 <=3.1.0)

org.apache.hive:hive-jdbc MAVEN version =3.0.0, =1.1.1, =1.0.1, =2.0.0, =2.1.0, =3.0.0, =3.0.0, =3.0.0, =0.6.0-incubating, =1.7.0, =1.7.0, =1.11.3 - org.apache.ranger:ranger-hive-plugin =2.0.0 - org.apache.ranger:ranger-hive-plugin-shim =2.0.0 Source cves: CVE-2018-1314 Source advisory:...

com.ge.research.semtk:arangoDbService (=2.2.2), com.ge.research.semtk:athenaService (=2.2.2) +122 more potentially affected by CVE-2018-1282 via org.apache.hive:hive-jdbc (>=0.9.0 <=2.3.2)

org.apache.hive:hive-jdbc MAVEN version =0.9.0, =2.2.1, =2.2.1, =2.2.1, =2.2.2 - com.ge.research.semtk:sparqlGraphResultsService =2.2.2 and more Source cves: CVE-2018-1282 Source advisory: OSV:GHSA-JF2M-435M-MXW8...

GHSA-JF2M-435M-MXW8 SQL Injection in hive-jdbc

This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation...

CVE-2018-1282

This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation...