Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache kafka vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-27309
While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced. Two preconditions are needed to trigger the bug: 1. The administrator decides to remove an ACL 2. The resource associated with the removed ACL con...
8.2
CVSSv3
CVE-2023-36648
Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer).
Prolion Cryptospike 3.0.15
7.8
CVSSv3
CVE-2023-34040
In Spring for Apache Kafka 3.0.9 and previous versions and versions 2.9.10 and previous versions, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deser...
Vmware Spring For Apache Kafka
4 Github repositories
8.8
CVSSv3
CVE-2023-25194
A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been ...
Apache Kafka Connect
1 Metasploit module
6 Github repositories
7.5
CVSSv3
CVE-2022-34917
A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial o...
Apache Kafka
5.9
CVSSv3
CVE-2021-38153
Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnera...
Apache Kafka
Apache Kafka 2.8.0
Quarkus Quarkus
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Primavera Unifier 21.12
Oracle Financial Services Enterprise Case Management 8.0.8.1
Oracle Financial Services Enterprise Case Management 8.1.1.0
Oracle Financial Services Enterprise Case Management 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.2.0
Oracle Financial Services Behavior Detection Platform 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.1.0
Oracle Financial Services Enterprise Case Management 8.0.7.1
Oracle Financial Services Enterprise Case Management 8.0.8.0
Oracle Financial Services Behavior Detection Platform
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Financial Services Enterprise Case Management 8.0.7.2
Oracle Financial Services Analytical Applications Infrastructure
Oracle Communications Brm - Elastic Charging Engine 12.0.0.5.0
Oracle Communications Brm - Elastic Charging Engine
4.8
CVSSv3
CVE-2020-27218
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request ...
Eclipse Jetty 11.0.0
Eclipse Jetty 10.0.0
Eclipse Jetty
Netapp Snap Creator Framework -
Netapp Oncommand System Manager
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Communications Offline Mediation Controller 12.0.0.3.0
Oracle Communications Services Gatekeeper 7.0
Oracle Communications Pricing Design Center 12.0.0.3.0
Oracle Rest Data Services
Oracle Communications Converged Application Server - Service Controller 6.2
Oracle Communications Session Route Manager
Oracle Siebel Core - Automation
Oracle Retail Eftlink 20.0.0
Oracle Hyperion Infrastructure Technology 11.1.2.6.0
Oracle Blockchain Platform
Apache Kafka 2.7.0
Apache Spark 2.4.8
Apache Spark 3.0.3
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2019-12399
When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration ...
Apache Kafka 2.0.1
Apache Kafka 2.1.1
Apache Kafka 2.2.0
Apache Kafka 2.2.1
Apache Kafka 2.3.0
Apache Kafka 2.0.0
Apache Kafka 2.1.0
Oracle Financial Services Analytical Applications Infrastructure
Oracle Banking Platform 2.7.0
Oracle Flexcube Universal Banking 14.4.0
Oracle Banking Virtual Account Management 14.1.0
Oracle Banking Virtual Account Management 14.3.0
Oracle Banking Virtual Account Management 14.4.0
Oracle Banking Trade Finance Process Management 14.1.0
Oracle Banking Trade Finance Process Management 14.3.0
Oracle Banking Trade Finance Process Management 14.4.0
Oracle Banking Supply Chain Finance
Oracle Banking Liquidity Management
Oracle Banking Credit Facilities Process Management 14.1.0
Oracle Banking Credit Facilities Process Management 14.3.0
Oracle Banking Credit Facilities Process Management 14.4.0
Oracle Banking Corporate Lending Process Management 14.3.0
9.8
CVSSv3
CVE-2018-11779
In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class.
Apache Storm
8.8
CVSSv3
CVE-2018-17196
In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users sh...
Apache Kafka
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »