VulnerableCode Package Details - pkg:maven/org.apache.hive/hive-exec@1.0.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.apache.hive/hive-exec@1.0.0

Essentials
History (2)

purl	pkg:maven/org.apache.hive/hive-exec@1.0.0

Next non-vulnerable version	1.0.1
Latest non-vulnerable version	2.3.4
Risk

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-6ppt-m2fe-1uge Aliases: CVE-2015-1772 GHSA-5gvm-hrw5-h6xf	Improper Authentication The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request.	1.0.1 Affected by 0 other vulnerabilities. 1.1.1 Affected by 0 other vulnerabilities.
VCID-e3vr-tx7y-xbg9 Aliases: CVE-2015-7521 GHSA-83r3-c79w-f6wc	Improper Authentication The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.	1.2.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-6ppt-m2fe-1uge
Aliases:
CVE-2015-1772
GHSA-5gvm-hrw5-h6xf

Improper Authentication The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request.

1.0.1
Affected by 0 other vulnerabilities.

1.1.1
Affected by 0 other vulnerabilities.

VCID-e3vr-tx7y-xbg9
Aliases:
CVE-2015-7521
GHSA-83r3-c79w-f6wc

Improper Authentication The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.

1.2.2
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:38:59.852688+00:00	GitLab Importer	Affected by	VCID-6ppt-m2fe-1uge	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hive/hive-exec/CVE-2015-1772.yml	38.6.0
2026-06-02T04:38:38.006619+00:00	GitLab Importer	Affected by	VCID-e3vr-tx7y-xbg9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hive/hive-exec/CVE-2015-7521.yml	38.6.0