Thomas Rega

Researcher from CareerBuilder
#38050 of 53,633
7.3 Total CVSS
Vulnerabilities · 1
PT-2015-5437
7.3
2015-12-21
IBM · IBM InfoSphere BigInsights · CVE-2015-1772
**Name of the Vulnerable Software and Affected Versions**

- Apache Hive versions prior to 1.0.1
- Apache Hive versions 1.1.x prior to 1.1.1
- IBM InfoSphere BigInsights versions 3.0, 3.0.0.1, and 3.0.0.2

**Description**

The issue concerns the LDAP implementation in HiveServer2, which improperly handles simple unauthenticated and anonymous bind configurations. This allows remote attackers to bypass authentication by sending a crafted LDAP request.

**Recommendations**

- For Apache Hive versions prior to 1.0.1, update to version 1.0.1 or later.
- For Apache Hive versions 1.1.x prior to 1.1.1, update to version 1.1.1 or later.
- For IBM InfoSphere BigInsights versions 3.0, 3.0.0.1, and 3.0.0.2, consider restricting access to the LDAP implementation until a patch or update is available.