Branden Crawford

Researcher at Inteco Systems Limited
#35221 of 53,635
7.5 total CVSS
Vulnerabilities · 1
PT-2017-8326
7.5
2017-05-30
Apache · Apache Hive · CVE-2016-3083
**Name of the Vulnerable Software and Affected Versions**

- Apache Hive versions prior to 1.2.2
- Apache Hive versions 2.0.x prior to 2.0.1

**Description**

The issue arises during the validation of the server's certificate in the connection setup. The client fails to verify the common name attribute of the certificate. This allows a scenario where a JDBC client sending an SSL request to a server, for example, `abc.com`, will accept a valid certificate issued to a different domain, such as `xyz.com`, as long as it is certified by a CA. This compromises the security of the SSL handshake.

**Recommendations**

- For Apache Hive versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue.
- For Apache Hive versions 2.0.x prior to 2.0.1, update to version 2.0.1 or later to resolve the issue.