CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2015-1772

HIGH
7.3
CVSS Severity Score
EPSS Score0.1000%
EPSS Percentile35.95th
Published2015年12月21日
Last Modified2026年5月6日

Vulnerability Description

The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request.

Affected Platforms (CPE)

📦
Ibm

Infosphere Biginsights

= 3.0.0.0
📦
Ibm

Infosphere Biginsights

= 3.0.0.1
📦
Ibm

Infosphere Biginsights

= 3.0.0.2
📦
Apache

Hive

= 1.0.0
📦
Apache

Hive

= 1.1.0

References & Advisories

🔗 http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCAOpgucy52yzNN1FaRcxwhZmx8ZtNRjmK6V0Bxk4svAD-R1q70Q%40mail.gmail.com%3E
🔗 http://www-01.ibm.com/support/docview.wss?uid=swg21969546
🔗 http://www.securitytracker.com/id/1034365
🔗 https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
🔗 http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCAOpgucy52yzNN1FaRcxwhZmx8ZtNRjmK6V0Bxk4svAD-R1q70Q%40mail.gmail.com%3E
🔗 http://www-01.ibm.com/support/docview.wss?uid=swg21969546
🔗 http://www.securitytracker.com/id/1034365
🔗 https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html

相關漏洞威脅

CVE-2015-19477.4

Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, all...

CVE-2015-18367.3

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1...

CVE-2014-47826.5

IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to discover SMTP server credentials via vectors related to the ...

CVE-2013-39936.5

IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or...