CVE-2021-38153

🗓️ 22 Sep 2021 09:05:11Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 410 Views

Apache Kafka password validation vulnerabilit

Reporter	Title	Published	Views	Family All 84
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by an information leak vulnerability within Kafka (CVE-2021-38153)	23 Jun 202216:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Order Management Kafka 2.1.0 vulnerablity	20 Oct 202218:41	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities found within Apache Storm that is used by IBM Tivoli Network Manager (ITNM) IP Edition	24 Feb 202306:34	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability from Apache Kafka affect IBM Operations Analytics - Log Analysis (CVE-2021-38153)	14 Nov 202204:37	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in IBM Event Streams through Apache Kafka key/password validation (CVE-2021-38153)	6 Dec 202112:20	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Kafka as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2021-38153, CVE-2018-17196)	16 Jun 202218:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Verify Information Queue has multiple third-party library vulnerabilities	16 May 202316:18	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in Kafka affects IBM InfoSphere Information Server (CVE-2021-38153)	27 Apr 202223:08	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been identified in open source software shipped with IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library	11 Dec 202100:21	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities	8 Nov 202216:36	–	ibm

NVD

Vulners

Node

apache kafkaRange2.0.0–2.6.3

apache kafkaRange2.7.0–2.7.2

apache kafkaMatch2.8.0-

Node

quarkus quarkusRange<2.2.4

Node

oracle communications_brm_-_elastic_charging_engineRange<12.0.0.4.6

oracle communications_brm_-_elastic_charging_engineMatch12.0.0.5.0

oracle communications_cloud_native_core_policyMatch1.15.0

oracle financial_services_analytical_applications_infrastructureRange8.0.6.0–8.0.9.0

oracle financial_services_analytical_applications_infrastructureRange8.1.0.0.0–8.1.20

oracle financial_services_behavior_detection_platformRange8.0.6.0.0–8.0.8.0

oracle financial_services_behavior_detection_platformMatch8.1.1.0

oracle financial_services_behavior_detection_platformMatch8.1.1.1

oracle financial_services_behavior_detection_platformMatch8.1.2.0

oracle financial_services_enterprise_case_managementMatch8.0.7.1

oracle financial_services_enterprise_case_managementMatch8.0.7.2

oracle financial_services_enterprise_case_managementMatch8.0.8.0

oracle financial_services_enterprise_case_managementMatch8.0.8.1

oracle financial_services_enterprise_case_managementMatch8.1.1.0

oracle financial_services_enterprise_case_managementMatch8.1.1.1

oracle primavera_unifierMatch18.8

oracle primavera_unifierMatch19.12

oracle primavera_unifierMatch20.12

oracle primavera_unifierMatch21.12

[
  {
    "product": "Apache Kafka",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "2.0.1",
        "status": "affected",
        "version": "Apache Kafka 2.0.x",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2.1.1",
        "status": "affected",
        "version": "Apache Kafka 2.1.x",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2.2.2",
        "status": "affected",
        "version": "Apache Kafka 2.2.x",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2.3.1",
        "status": "affected",
        "version": "Apache Kafka 2.3.x",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2.4.1",
        "status": "affected",
        "version": "Apache Kafka 2.4.x",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2.5.1",
        "status": "affected",
        "version": "Apache Kafka 2.5.x",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2.6.2",
        "status": "affected",
        "version": "Apache Kafka 2.6.x",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2.7.1",
        "status": "affected",
        "version": "Apache Kafka 2.7.x",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2.8.0",
        "status": "affected",
        "version": "Apache Kafka 2.8.x",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
oracle	www.oracle.com/security-alerts/cpuapr2022.html
lists	www.lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c%40%3Cdev.kafka.apache.org%3E
oracle	www.oracle.com/security-alerts/cpujul2022.html
lists	www.lists.apache.org/thread.html/rd9ef217b09fdefaf32a4e1835b59b96629542db57e1f63edb8b006e6%40%3Cusers.kafka.apache.org%3E
kafka	www.kafka.apache.org/cve-list
lists	www.lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c%40%3Cusers.kafka.apache.org%3E
oracle	www.oracle.com/security-alerts/cpujan2022.html
lists	www.lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c%40%3Cdev.kafka.apache.org%3E
lists	www.lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be%40%3Cusers.kafka.apache.org%3E
lists	www.lists.apache.org/thread.html/rd9ef217b09fdefaf32a4e1835b59b96629542db57e1f63edb8b006e6%40%3Cdev.kafka.apache.org%3E

21 Nov 2024 06:16Current

6.2Medium risk

Vulners AI Score6.2

CVSS 24.3

CVSS 3.15.9

EPSS0.0152

CWE-203