CVE-2017-12625

medium

Apache

CVSS v3 Base Score

4.3

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.5%

Exploitation probability in 30 days

Top 35% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Confidentiality

Low

Integrity

None

Availability

None

Published: November 1, 2017 (3116 days ago)

Last Modified: May 13, 2026

Vendor: Apache

Source: NVD

Description

Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.

CWE

CWE-200

Affected Products

apache hive

References

🔗 mail-archives.apache.org 🔗 www.securityfocus.com 🔗 mail-archives.apache.org 🔗 www.securityfocus.com

CVE-2017-12625

Vulnerability Report

Description

CWE

Affected Products

References