Lucene search
K

7 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/07/30 1:34 a.m.19 views

Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to a security restrictions bypass.

Summary Pulsar is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2024-28098, CVE-2024-29834 The below vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-28098 DESCRIPTION: Apache Pulsar could allow a remote authenticated attacker to bypa...

6.4CVSS6.5AI score0.01701EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2024/03/12 9:30 p.m.7 views

org.apache.pulsar:pulsar-broker-auth-athenz (>=3.1.0 <=3.1.2), org.apache.pulsar:pulsar-broker-auth-sasl (>=3.1.0 <=3.1.2) +2 more potentially affected by CVE-2024-28098 via org.apache.pulsar:pulsar-broker (>=3.1.0 <=3.1.2)

org.apache.pulsar:pulsar-broker MAVEN version =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.2 Source cves: CVE-2024-28098 Source advisory: OSV:GHSA-G627-R579-RW35...

6.4CVSS6.5AI score0.01701EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/03/12 9:30 p.m.4 views

com.datastax.oss:pulsar-jms-filters (>=4.0.0 <=4.0.1), io.github.yangl:pulsar-msg-filter-plugin (=3.0) +5 more potentially affected by CVE-2024-28098 via org.apache.pulsar:pulsar-broker (>=3.0.0 <=3.0.2)

org.apache.pulsar:pulsar-broker MAVEN version =3.0.0, =4.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.17 Source cves: CVE-2024-28098 Source advisory: OSV:GHSA-G627-R579-RW35...

6.4CVSS6.5AI score0.01701EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/03/12 9:30 p.m.13 views

org.apache.pulsar:pulsar-broker-auth-athenz (=3.2.0), org.apache.pulsar:pulsar-broker-auth-sasl (=3.2.0) +2 more potentially affected by CVE-2024-28098 via org.apache.pulsar:pulsar-broker (=3.2.0)

org.apache.pulsar:pulsar-broker MAVEN version =3.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-broker and may be impacted: - org.apache.pulsar:pulsar-broker-auth-athenz =3.2.0 - org.apache.pulsar:pulsar-broker-auth-sasl...

6.4CVSS6.5AI score0.01701EPSS
Exploits0
Circl
Circl
added 2024/03/12 8:26 p.m.6 views

CVE-2024-28098

creationtimestamp| type| source ---|---|--- 2024-03-12 20:26:33+00:00| seen| https://t.me/ctinow/206104 2024-03-12 20:26:39+00:00| seen| https://t.me/ctinow/206110 2024-03-12 21:46:24+00:00| seen| https://t.me/ctinow/206190 2024-04-09 19:53:01+00:00| seen| https://t.me/arpsyndicate/4408 2025-02-1...

6.4CVSS6.2AI score0.01701EPSS
Exploits0References5
NVD
NVD
added 2024/03/12 7:15 p.m.34 views

CVE-2024-28098

The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role. This issue affects Apache...

6.4CVSS6.3AI score0.01701EPSS
Exploits0References3
OSV
OSV
added 2024/03/12 6:15 p.m.8 views

CVE-2024-28098 Apache Pulsar: Improper Authorization For Topic-Level Policy Management

The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role. This issue affects Apache...

6.4CVSS6.6AI score0.01701EPSS
Exploits0References5
Rows per page
Query Builder