hazelcast hazelcast vulnerabilities and exploits
NA
CVE-2023-45859
In Hazelcast up to and including 4.1.10, 4.2 up to and including 4.2.8, 5.0 up to and including 5.0.5, 5.1 up to and including 5.1.7, 5.2 up to and including 5.2.4, and 5.3 up to and including 5.3.2, some client operations don't check permissions properly, allowing authentic...
NA
CVE-2023-45860
In Hazelcast Platform up to and including 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's fi...
NA
CVE-2023-33265
In Hazelcast up to and including 5.0.4, 5.1 up to and including 5.1.6, and 5.2 up to and including 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.
Hazelcast Imdg
Hazelcast Hazelcast
NA
CVE-2023-33264
In Hazelcast up to and including 5.0.4, 5.1 up to and including 5.1.6, and 5.2 up to and including 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.
Hazelcast Hazelcast
4 Github repositories
NA
CVE-2022-36437
The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated malicious user to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are up to and including 4.0.6, 4.1.9, 4...
Hazelcast Hazelcast-jet
Hazelcast Hazelcast
7.5
CVSSv2
CVE-2022-0265
Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1.
Hazelcast Hazelcast 5.1
1 Github repository
7.5
CVSSv2
CVE-2020-26168
The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x prior to 4.0.3, and Jet Enterprise 4.x up to and including 4.2, doesn't properly verify the password in some system-user-dn scenarios. As a result, users (clients/members) can be authenticated...
Hazelcast Hazelcast
Hazelcast Jet
6.8
CVSSv2
CVE-2016-10750
In Hazelcast prior to 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrar...
Hazelcast Hazelcast
1 Article
6.8
CVSSv2
CVE-2018-10654
There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Citrix Xenmobile Server 10.8
Citrix Xenmobile Server 10.7
4
CVSSv2
CVE-2013-5934
Open-Xchange AppSuite 7.0.x prior to 7.0.2-rev15 and 7.2.x prior to 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote malicious users to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast clus...
Open-xchange Open-xchange Appsuite 7.0.2
Open-xchange Open-xchange Appsuite 7.2.1
Open-xchange Open-xchange Appsuite 7.2.0
Open-xchange Open-xchange Appsuite 7.0.1