hazelcast hazelcast vulnerabilities and exploits
NA
CVE-2022-36437
The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated malicious user to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are up to and including 4.0.6, 4.1.9, 4...
Hazelcast Hazelcast-jet
Hazelcast Hazelcast
7.5
CVSSv2
CVE-2020-26168
The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x prior to 4.0.3, and Jet Enterprise 4.x up to and including 4.2, doesn't properly verify the password in some system-user-dn scenarios. As a result, users (clients/members) can be authenticated...
Hazelcast Hazelcast
Hazelcast Jet
NA
CVE-2023-33265
In Hazelcast up to and including 5.0.4, 5.1 up to and including 5.1.6, and 5.2 up to and including 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.
Hazelcast Imdg
Hazelcast Hazelcast
NA
CVE-2023-33264
In Hazelcast up to and including 5.0.4, 5.1 up to and including 5.1.6, and 5.2 up to and including 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.
Hazelcast Hazelcast
4 Github repositories
6.8
CVSSv2
CVE-2016-10750
In Hazelcast prior to 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrar...
Hazelcast Hazelcast
1 Article
7.5
CVSSv2
CVE-2022-0265
Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1.
Hazelcast Hazelcast 5.1
1 Github repository
4.3
CVSSv2
CVE-2013-5936
The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x prior to 7.0.2-rev15 and 7.2.x prior to 7.2.2-rev16 allows remote malicious users to obtain sensitive information about (1) runtime activity, (2) network configuration, (3) user sessions, (4) the memcache interface, and (5)...
Open-xchange Open-xchange Appsuite 7.2.1
Open-xchange Open-xchange Appsuite 7.0.1
Open-xchange Open-xchange Appsuite 7.0.2
Open-xchange Open-xchange Appsuite 7.2.0
6.8
CVSSv2
CVE-2018-10654
There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
Citrix Xenmobile Server 10.8
Citrix Xenmobile Server 10.7
NA
CVE-2023-45859
In Hazelcast up to and including 4.1.10, 4.2 up to and including 4.2.8, 5.0 up to and including 5.0.5, 5.1 up to and including 5.1.7, 5.2 up to and including 5.2.4, and 5.3 up to and including 5.3.2, some client operations don't check permissions properly, allowing authentic...
NA
CVE-2023-45860
In Hazelcast Platform up to and including 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's fi...