CVE-2018-1288

🗓️ 26 Jul 2018 14:00:00Reported by apacheType

Apache Kafka versions 0.9.0.0 to 1.0.0 allow authenticated users to interfere with data replication, leading to data loss

Reporter	Title	Published	Views	Family All 19
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities	13 Apr 202120:46	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Kafka Vulnerabilities Affect the B2B API of IBM Sterling B2B Integrator (CVE-2017-12610, CVE-2018-1288)	14 Oct 202113:12	–	ibm
CNVD	Apache Kafka Security Bypass Vulnerability	31 Jul 201800:00	–	cnvd
Cvelist	CVE-2018-1288	26 Jul 201814:00	–	cvelist
EUVD	EUVD-2022-3959	3 Oct 202520:07	–	euvd
Github Security Blog	Improper Control of Generation of Code in Apache Kafka	13 May 202201:02	–	github
NVD	CVE-2018-1288	26 Jul 201814:29	–	nvd
Oracle	Oracle Critical Patch Update Advisory - July 2020	14 Jul 202000:00	–	oracle
Tenable Nessus	Oracle Primavera P6 Enterprise Project Portfolio Management Multiple Vulnerabilities (Jul 2020 CPU)	15 Jul 202000:00	–	nessus
OSV	GHSA-GH27-38P5-MRXC Improper Control of Generation of Code in Apache Kafka	13 May 202201:02	–	osv

NVD

Vulners

Node

apache kafkaRange0.9.0.0–0.9.0.1

apache kafkaRange0.10.0.0–0.10.2.1

apache kafkaRange0.11.0.0–0.11.0.2

apache kafkaMatch1.0.0

Node

redhat jboss_middleware_text-only_advisoriesMatch1.0middleware

Node

oracle databaseMatch11.2.0.4

oracle databaseMatch12.1.0.2

oracle databaseMatch12.2.0.1

oracle databaseMatch18c

oracle databaseMatch19c

oracle primavera_p6_enterprise_project_portfolio_managementRange19.12.0.0–19.12.6.0

oracle timesten_in-memory_databaseRange<18.1.2.1.0

[
  {
    "product": "Apache Kafka",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "0.9.0.0 to 0.9.0.1"
      },
      {
        "status": "affected",
        "version": "0.10.0.0 to 0.10.2.1"
      },
      {
        "status": "affected",
        "version": "0.11.0.0 to 0.11.0.2"
      },
      {
        "status": "affected",
        "version": "1.0.0"
      }
    ]
  }
]

Source	Link
securityfocus	www.securityfocus.com/bid/104900
lists	www.lists.apache.org/thread.html/r07e1bbd1643847d599feb34c707906a4fdcc81e3a6ab01a10c451d40%40%3Cissues.flink.apache.org%3E
access	www.access.redhat.com/errata/RHSA-2018:3768
lists	www.lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c%40%3Cdev.kafka.apache.org%3E
lists	www.lists.apache.org/thread.html/d1581fb6464c9bec8a72575c01f5097d68e2fbb230aff24622622a58%40%3Ccommits.kafka.apache.org%3E
lists	www.lists.apache.org/thread.html/29f61337323f48c47d4b41d74b9e452bd60e65d0e5103af9a6bb2fef%40%3Cusers.kafka.apache.org%3E
oracle	www.oracle.com/security-alerts/cpujul2020.html
lists	www.lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
lists	www.lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
lists	www.lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

21 Nov 2024 03:59Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.15.4

CVSS 25.5

EPSS0.00688