Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0.
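The weakness described above, shown as an added example (not code from Kafka or from this advisory): an instrumented early-exit loop stands in for `Arrays.equals` to make the data-dependent work visible, next to the JDK's `MessageDigest.isEqual` as one replacement that does not stop at the first differing byte. The class name, method names and sample values are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class CredentialCompare {
    // Early-exit loop with the same result as Arrays.equals, instrumented to
    // report how many bytes it examined before deciding (0 on length mismatch).
    static int bytesExaminedEarlyExit(byte[] expected, byte[] supplied) {
        if (expected.length != supplied.length) return 0;
        for (int i = 0; i < expected.length; i++) {
            if (expected[i] != supplied[i]) return i + 1; // stops at first mismatch
        }
        return expected.length;
    }

    // Weak form: the work done, and so the response time, tracks the matching prefix.
    static boolean weakCheck(byte[] expected, byte[] supplied) {
        return Arrays.equals(expected, supplied);
    }

    // Hardened form: MessageDigest.isEqual does not return at the first differing byte.
    static boolean hardenedCheck(byte[] expected, byte[] supplied) {
        return MessageDigest.isEqual(expected, supplied);
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real deployment.
        byte[] expected = "constructed-secret".getBytes(StandardCharsets.UTF_8);
        String[] supplied = {
            "xxxxxxxxxxxxxxxxxx",   // same length, no matching prefix
            "construxxxxxxxxxxx",   // same length, 7-byte matching prefix
            "constructed-secret",   // full match
            "short"                 // wrong length
        };
        for (String s : supplied) {
            byte[] b = s.getBytes(StandardCharsets.UTF_8);
            System.out.printf("%-20s examined=%2d weak=%b hardened=%b%n",
                s, bytesExaminedEarlyExit(expected, b),
                weakCheck(expected, b), hardenedCheck(expected, b));
        }
    }
}
```

Both checks return the same boolean for every input; the difference is only in how much work is done before a mismatch is reported, which is what the `examined` column makes visible for the early-exit form.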
Vulnerable Product |
---|
apache kafka |
apache kafka 2.8.0 |
quarkus quarkus |
oracle communications brm - elastic charging engine |
oracle communications brm - elastic charging engine 12.0.0.5.0 |
oracle communications cloud native core policy 1.15.0 |
oracle financial services analytical applications infrastructure |
oracle financial services behavior detection platform |
oracle financial services behavior detection platform 8.1.1.0 |
oracle financial services behavior detection platform 8.1.1.1 |
oracle financial services behavior detection platform 8.1.2.0 |
oracle financial services enterprise case management 8.0.7.1 |
oracle financial services enterprise case management 8.0.7.2 |
oracle financial services enterprise case management 8.0.8.0 |
oracle financial services enterprise case management 8.0.8.1 |
oracle financial services enterprise case management 8.1.1.0 |
oracle financial services enterprise case management 8.1.1.1 |
oracle primavera unifier 18.8 |
oracle primavera unifier 19.12 |
oracle primavera unifier 20.12 |
oracle primavera unifier 21.12 |