7 matches found
Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to a security restrictions bypass.
Summary Pulsar is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2024-28098, CVE-2024-29834 The below vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-28098 DESCRIPTION: Apache Pulsar could allow a remote authenticated attacker to bypa...
org.apache.pulsar:pulsar-broker-auth-athenz (>=3.1.0 <=3.1.2), org.apache.pulsar:pulsar-broker-auth-sasl (>=3.1.0 <=3.1.2) +2 more potentially affected by CVE-2024-28098 via org.apache.pulsar:pulsar-broker (>=3.1.0 <=3.1.2)
org.apache.pulsar:pulsar-broker MAVEN version =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.2 Source cves: CVE-2024-28098 Source advisory: OSV:GHSA-G627-R579-RW35...
com.datastax.oss:pulsar-jms-filters (>=4.0.0 <=4.0.1), io.github.yangl:pulsar-msg-filter-plugin (=3.0) +5 more potentially affected by CVE-2024-28098 via org.apache.pulsar:pulsar-broker (>=3.0.0 <=3.0.2)
org.apache.pulsar:pulsar-broker MAVEN version =3.0.0, =4.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.17 Source cves: CVE-2024-28098 Source advisory: OSV:GHSA-G627-R579-RW35...
org.apache.pulsar:pulsar-broker-auth-athenz (=3.2.0), org.apache.pulsar:pulsar-broker-auth-sasl (=3.2.0) +2 more potentially affected by CVE-2024-28098 via org.apache.pulsar:pulsar-broker (=3.2.0)
org.apache.pulsar:pulsar-broker MAVEN version =3.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-broker and may be impacted: - org.apache.pulsar:pulsar-broker-auth-athenz =3.2.0 - org.apache.pulsar:pulsar-broker-auth-sasl...
CVE-2024-28098
creationtimestamp| type| source ---|---|--- 2024-03-12 20:26:33+00:00| seen| https://t.me/ctinow/206104 2024-03-12 20:26:39+00:00| seen| https://t.me/ctinow/206110 2024-03-12 21:46:24+00:00| seen| https://t.me/ctinow/206190 2024-04-09 19:53:01+00:00| seen| https://t.me/arpsyndicate/4408 2025-02-1...
CVE-2024-28098
The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role. This issue affects Apache...
CVE-2024-28098 Apache Pulsar: Improper Authorization For Topic-Level Policy Management
The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role. This issue affects Apache...