The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated malicious user to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are up to and including 4.0.6, 4.1.9, 4.2.5, 5.0.3, and 5.1.2. The affected Hazelcast Jet versions are up to and including 4.5.3.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hazelcast hazelcast-jet |
||
hazelcast hazelcast |