Native SQL queries support positional as well as named parameters:
Query query = sess.createSQLQuery("SELECT * FROM STUDENTS WHERE NAME like ?").addEntity(Student.class);
List pusList = query.setString(0, "Pus%").list();
query = sess.createSQLQuery("SELECT * FROM STUDENTS WHERE NAME like :name").addEntity(Cat.class);
List pusList = query.setString("name", "Pus%").list();