CVE-2018-1282

Name of the Vulnerable Software and Affected Versions Apache Hive JDBC driver versions 0.7.1 through 2.3.2 Oracle Business Intelligence Enterprise Edition Analytics Server (affected versions not specified)

Description The issue allows an attacker to bypass argument escaping in the JDBC driver's PreparedStatement implementation by using carefully crafted arguments. This can potentially lead to the execution of arbitrary SQL commands. The vulnerability is related to the lack of protection for the SQL query structure in the Analytics Server component of Oracle Business Intelligence Enterprise Edition.

Recommendations For Apache Hive JDBC driver versions 0.7.1 through 2.3.2, update to a version that contains a fix for this issue. For Oracle Business Intelligence Enterprise Edition Analytics Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.