PT-2015-5437 · IBM+1 · IBM InfoSphere BigInsights+1
Thomas Rega · Published 2015-12-21 · Updated 2019-03-14 · CVE-2015-1772
CVSS v3.1: 7.3 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Apache Hive versions prior to 1.0.1
Apache Hive versions 1.1.x prior to 1.1.1
IBM InfoSphere BigInsights versions 3.0, 3.0.0.1, and 3.0.0.2
Description
The issue concerns the LDAP implementation in HiveServer2, which improperly handles simple unauthenticated and anonymous bind configurations. This allows remote attackers to bypass authentication by sending a crafted LDAP request.
Recommendations
For Apache Hive versions prior to 1.0.1, update to version 1.0.1 or later.
For Apache Hive versions 1.1.x prior to 1.1.1, update to version 1.1.1 or later.
For IBM InfoSphere BigInsights versions 3.0, 3.0.0.1, and 3.0.0.2, consider restricting access to the LDAP implementation until a patch or update is available.
Fix
Improper Authentication
Weakness Enumeration
Related identifiers
Affected products
Apache Hive
IBM InfoSphere BigInsights