CVE-2015-1772
Severity: high
CVSS v3: 7.3
CVSS v2: 4.3
VIR risk: 7.3
Description
Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
Predictions
Exploit likelihood: 82%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — http://www-01.ibm.com/support/docview.wss?uid=swg21969546
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.hive:hive | >=1.0.0,<1.0.1 | 1.0.1 |
| Maven | org.apache.hive:hive | >=1.1.0,<1.1.1 | 1.1.1 |
| Maven | org.apache.hive:hive-exec | >=1.0.0,<1.0.1 | 1.0.1 |
| Maven | org.apache.hive:hive-exec | >=1.1.0,<1.1.1 | 1.1.1 |
| Maven | org.apache.hive:hive-service | >=1.0.0,<1.0.1 | 1.0.1 |
| Maven | org.apache.hive:hive-service | >=1.1.0,<1.1.1 | 1.1.1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | infosphere_biginsights | 3.0.0.0 | |
| ibm | infosphere_biginsights | 3.0.0.1 | |
| ibm | infosphere_biginsights | 3.0.0.2 | |
| apache | hive | 1.0.0 | |
| apache | hive | 1.1.0 | |
References
- http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCAOpgucy52yzNN1FaRcxwhZmx8ZtNRjmK6V0Bxk4svAD-R1q70Q%40mail.gmail.com%3E
- http://www-01.ibm.com/support/docview.wss?uid=swg21969546
- http://www.securitytracker.com/id/1034365
- https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
- https://nvd.nist.gov/vuln/detail/CVE-2015-1772
- https://github.com/advisories/GHSA-5gvm-hrw5-h6xf
- http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCAOpgucy52yzNN1FaRcxwhZmx8ZtNRjmK6V0Bxk4svAD-R1q70Q@mail.gmail.com%3E
CWEs
CWE-287