Lucene search

CVE-2018-1288

🗓️ 26 Jul 2018 14:00:29Reported by apacheType

Apache Kafka versions 0.9.0.0 to 1.0.0 allow authenticated users to interfere with data replication, leading to data loss

Reporter	Title	Published	Views	Family All 13
Cvelist	CVE-2018-1288	26 Jul 201814:00	–	cvelist
NVD	CVE-2018-1288	26 Jul 201814:29	–	nvd
Veracode	Data Loss	27 Jul 201805:58	–	veracode
Prion	Design/Logic Flaw	26 Jul 201814:29	–	prion
RedhatCVE	CVE-2018-1288	2 Aug 201803:18	–	redhatcve
OSV	Improper Control of Generation of Code in Apache Kafka	13 May 202201:02	–	osv
OSV	OPENSUSE-SU-2024:10886-1 kafka-source-2.1.0-3.6 on GA media	15 Jun 202400:00	–	osv
Github Security Blog	Improper Control of Generation of Code in Apache Kafka	13 May 202201:02	–	github
IBM Security Bulletins	Security Bulletin: Apache Kafka Vulnerabilities Affect the B2B API of IBM Sterling B2B Integrator (CVE-2017-12610, CVE-2018-1288)	14 Oct 202113:12	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities	13 Apr 202120:46	–	ibm

Nvd

Vulners

Node

apache kafkaRange0.9.0.0–0.9.0.1

apache kafkaRange0.10.0.0–0.10.2.1

apache kafkaRange0.11.0.0–0.11.0.2

apache kafkaMatch1.0.0

Node

redhat jboss_middleware_text-only_advisoriesMatch1.0middleware

Node

oracle databaseMatch11.2.0.4

oracle databaseMatch12.1.0.2

oracle databaseMatch12.2.0.1

oracle databaseMatch18c

oracle databaseMatch19c

oracle primavera_p6_enterprise_project_portfolio_managementRange19.12.0.0–19.12.6.0

oracle timesten_in-memory_databaseRange<18.1.2.1.0

[
  {
    "product": "Apache Kafka",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "0.9.0.0 to 0.9.0.1"
      },
      {
        "status": "affected",
        "version": "0.10.0.0 to 0.10.2.1"
      },
      {
        "status": "affected",
        "version": "0.11.0.0 to 0.11.0.2"
      },
      {
        "status": "affected",
        "version": "1.0.0"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
lists	www.lists.apache.org/thread.html/r07e1bbd1643847d599feb34c707906a4fdcc81e3a6ab01a10c451d40%40%3Cissues.flink.apache.org%3E
lists	www.lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c%40%3Cdev.kafka.apache.org%3E
securityfocus	www.securityfocus.com/bid/104900
lists	www.lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
oracle	www.oracle.com/security-alerts/cpujul2020.html
lists	www.lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
lists	www.lists.apache.org/thread.html/29f61337323f48c47d4b41d74b9e452bd60e65d0e5103af9a6bb2fef%40%3Cusers.kafka.apache.org%3E
access	www.access.redhat.com/errata/RHSA-2018:3768
lists	www.lists.apache.org/thread.html/d1581fb6464c9bec8a72575c01f5097d68e2fbb230aff24622622a58%40%3Ccommits.kafka.apache.org%3E

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

26 Jul 2018 14:29Current

5.5Medium risk

Vulners AI Score5.5

CVSS25.5

CVSS35.4

EPSS0.00947