7 matches found
Security Bulletin: Apache Kafka as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2019-12399)
Summary Apache Kafka as used by IBM QRadar SIEM is vulnerable to information disclosure . IBM has addressed the relevant vulnerability. Vulnerability Details CVEID:CVE-2019-12399 DESCRIPTION: Apache Kafka could allow a remote attacker to obtain sensitive information, caused by a flaw in the Conne...
Security Bulletin: IBM Event Streams is affected by kafka vulnerability CVE-2019-12399
Summary IBM Event Streams has addressed the following vulnerability Vulnerability Details CVEID: CVE-2019-12399 DESCRIPTION: Apache Kafka could allow a remote attacker to obtain sensitive information, caused by a flaw in the Connect REST API. By sending specially crafted request, a remote attacke...
CVE-2019-12399
When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value,...
CVE-2019-12399
When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value,...
CVE-2019-12399
When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value,...
CVE-2019-12399
CVE-2019-12399 affects Apache Kafka Connect: when Connect workers are configured with config providers and a connector uses an externalized secret variable within a substring of a configuration value, an attacker can request a cluster’s task configuration and receive the plaintext secret instead ...
CVE-2019-12399
When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value,...