10 matches found
ai.pipestream:account-service (>=0.0.10 <=0.0.18), ai.pipestream:connector-admin-service (>=0.1.10 <=0.1.18) +537 more potentially affected by CVE-2026-33557 via org.apache.kafka:kafka-clients (>=4.1.0 <=4.1.1)
org.apache.kafka:kafka-clients MAVEN version =4.1.0, =0.0.10, =0.1.10, =0.1.3, =0.7.21, =0.7.21, =0.7.21, =0.1.21, =0.7.2, =0.7.2, =0.2.0, =0.2.0, =0.7.5 and more Source cves: CVE-2026-33557 Source advisory: SNYK:JAVA-ORGAPACHEKAFKA-16207346...
ai.pipestream:account-service (>=0.0.10 <=0.0.18), ai.pipestream:connector-admin-service (>=0.1.10 <=0.1.18) +537 more potentially affected by CVE-2026-35554 via org.apache.kafka:kafka-clients (>=4.1.0 <=4.1.1)
org.apache.kafka:kafka-clients MAVEN version =4.1.0, =0.0.10, =0.1.10, =0.1.3, =0.7.21, =0.7.21, =0.7.21, =0.1.21, =0.7.2, =0.7.2, =0.2.0, =0.2.0, =0.7.5 and more Source cves: CVE-2026-35554 Source advisory: SNYK:JAVA-ORGAPACHEKAFKA-16032179...
Security Bulletin: Multiple vulnerabilities in embedded Navigator affect IBM Business Automation Workflow - CVE-2024-38808, CVE-2024-31141
Summary IBM Business Automation Workflow repackages a version of IBM Content Navigator, which in turn repackages a vulnerable version of the kafka-clients library. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege...
Security Bulletin: Improper Privilege Management vulnerability in IBM Event Streams
Summary IBM Event Streams is vulnerable to Improper Privilege Management vulnerability in Apache Kafka Clients to escalate from REST API access to filesystem/environment access, which may be undesirable in certain environments like in a SaaS. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION...
kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider
A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for February 2025.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF001 and IBM Business Automation Insights 24.0.0-IF002 Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management...
Security Bulletin: Potential Improper Privilege Management vulnerability in Logstash affects IBM Operations Analytics - Log Analysis (CVE-2024-31141)
Summary Apache Kafka Client bundle in Logstash is vulnerable to improper privilege management. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients...
CVE-2024-31141 Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider
Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate these configurations. Apache Kafka also...
PT-2024-8692
Name of the Vulnerable Software and Affected Versions Apache Kafka Clients versions 2.3.0 through 3.7.1 Description The issue is related to improper privilege management in Apache Kafka Clients, allowing attackers to access arbitrary contents of the disk and environment variables. This can be...
Apache Druid JNDI Injection RCE
This module is designed to exploit the JNDI injection vulnerability in Druid. The vulnerability specifically affects the indexer/v1/sampler interface of Druid, enabling an attacker to execute arbitrary commands on the targeted server. The vulnerability is found in Apache Kafka clients versions...