The LDAP implementation in HiveServer2 in Apache Hive prior to 1.0.1 and 1.1.x prior to 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote malicious users to bypass authentication via a crafted LDAP request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm infosphere biginsights 3.0.0.2 |
||
ibm infosphere biginsights 3.0.0.0 |
||
ibm infosphere biginsights 3.0.0.1 |
||
apache hive 1.1.0 |
||
apache hive 1.0.0 |