CyberSec.Space Logo
Back to CVE Browser

CVE-2015-1772

HIGH
7.3
CVSS Severity Score
EPSS Score0.1000%
EPSS Percentile35.95th
PublishedDec 21, 2015
Last ModifiedMay 6, 2026

Vulnerability Description

The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request.

Affected Platforms (CPE)

πŸ“¦
Ibm

Infosphere Biginsights

= 3.0.0.0
πŸ“¦
Ibm

Infosphere Biginsights

= 3.0.0.1
πŸ“¦
Ibm

Infosphere Biginsights

= 3.0.0.2
πŸ“¦
Apache

Hive

= 1.0.0
πŸ“¦
Apache

Hive

= 1.1.0

References & Advisories

πŸ”— http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCAOpgucy52yzNN1FaRcxwhZmx8ZtNRjmK6V0Bxk4svAD-R1q70Q%40mail.gmail.com%3E
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg21969546
πŸ”— http://www.securitytracker.com/id/1034365
πŸ”— https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
πŸ”— http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCAOpgucy52yzNN1FaRcxwhZmx8ZtNRjmK6V0Bxk4svAD-R1q70Q%40mail.gmail.com%3E
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg21969546
πŸ”— http://www.securitytracker.com/id/1034365
πŸ”— https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html

Related Vulnerabilities

CVE-2015-19477.4

Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, all...

CVE-2015-18367.3

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1...

CVE-2014-47826.5

IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to discover SMTP server credentials via vectors related to the ...

CVE-2013-39936.5

IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or...