1. Home
  2. Vulnerabilities
  3. CVE-2015-7521

CVE-2015-7521

CVSS v3.0 8.3 (High)
83% Progress
CVSS v2.0 7.5 (High)
75% Progress
EPSS 0.38 % (73th)
0.38% Progress
Affected Products 1
Advisories 2
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.

Weaknesses
CWE-287
Improper Authentication
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2016-01-29 20:59:00
(8 years ago)
Updated Date
2018-10-09 19:58:08
(6 years ago)

Affected Products

Apache

Configuration #1

    CPE23 From Up To
  Apache Hive 1.0.0 cpe:2.3:a:apache:hive:1.0.0
  Apache Hive 1.0.1 cpe:2.3:a:apache:hive:1.0.1
  Apache Hive 1.1.0 cpe:2.3:a:apache:hive:1.1.0
  Apache Hive 1.2.0 cpe:2.3:a:apache:hive:1.2.0
  Apache Hive 1.2.1 cpe:2.3:a:apache:hive:1.2.1