Lucene search
K

10 matches found

vulnersOsv
vulnersOsv
added 2026/04/20 3:31 p.m.8 views

ai.pipestream:account-service (>=0.0.10 <=0.0.18), ai.pipestream:connector-admin-service (>=0.1.10 <=0.1.18) +537 more potentially affected by CVE-2026-33557 via org.apache.kafka:kafka-clients (>=4.1.0 <=4.1.1)

org.apache.kafka:kafka-clients MAVEN version =4.1.0, =0.0.10, =0.1.10, =0.1.3, =0.7.21, =0.7.21, =0.7.21, =0.1.21, =0.7.2, =0.7.2, =0.2.0, =0.2.0, =0.7.5 and more Source cves: CVE-2026-33557 Source advisory: SNYK:JAVA-ORGAPACHEKAFKA-16207346...

9.1CVSS5.7AI score0.00581EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/07 3:30 p.m.15 views

ai.pipestream:account-service (>=0.0.10 <=0.0.18), ai.pipestream:connector-admin-service (>=0.1.10 <=0.1.18) +537 more potentially affected by CVE-2026-35554 via org.apache.kafka:kafka-clients (>=4.1.0 <=4.1.1)

org.apache.kafka:kafka-clients MAVEN version =4.1.0, =0.0.10, =0.1.10, =0.1.3, =0.7.21, =0.7.21, =0.7.21, =0.1.21, =0.7.2, =0.7.2, =0.2.0, =0.2.0, =0.7.5 and more Source cves: CVE-2026-35554 Source advisory: SNYK:JAVA-ORGAPACHEKAFKA-16032179...

8.7CVSS7.2AI score0.00328EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 5:16 p.m.7 views

Security Bulletin: Multiple vulnerabilities in embedded Navigator affect IBM Business Automation Workflow - CVE-2024-38808, CVE-2024-31141

Summary IBM Business Automation Workflow repackages a version of IBM Content Navigator, which in turn repackages a vulnerable version of the kafka-clients library. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege...

6.5CVSS7AI score0.01129EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/14 4:42 p.m.18 views

Security Bulletin: Improper Privilege Management vulnerability in IBM Event Streams

Summary IBM Event Streams is vulnerable to Improper Privilege Management vulnerability in Apache Kafka Clients to escalate from REST API access to filesystem/environment access, which may be undesirable in certain environments like in a SaaS. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION...

6.5CVSS6.9AI score0.01129EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2025/03/05 8:59 p.m.5 views

kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider

A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider...

6.5CVSS7.4AI score0.01129EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/04 9:55 a.m.28 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for February 2025.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF001 and IBM Business Automation Insights 24.0.0-IF002 Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management...

7.5CVSS8.7AI score0.01157EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/25 9:51 a.m.19 views

Security Bulletin: Potential Improper Privilege Management vulnerability in Logstash affects IBM Operations Analytics - Log Analysis (CVE-2024-31141)

Summary Apache Kafka Client bundle in Logstash is vulnerable to improper privilege management. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients...

6.5CVSS6.6AI score0.01129EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/11/19 8:40 a.m.6 views

CVE-2024-31141 Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider

Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate these configurations. Apache Kafka also...

6.5CVSS6.8AI score0.01129EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/03/28 12:0 a.m.3 views

PT-2024-8692

Name of the Vulnerable Software and Affected Versions Apache Kafka Clients versions 2.3.0 through 3.7.1 Description The issue is related to improper privilege management in Apache Kafka Clients, allowing attackers to access arbitrary contents of the disk and environment variables. This can be...

6.8CVSS6.8AI score0.01129EPSS
Exploits0References23
Metasploit
Metasploit
added 2023/06/24 7:50 p.m.777 views

Apache Druid JNDI Injection RCE

This module is designed to exploit the JNDI injection vulnerability in Druid. The vulnerability specifically affects the indexer/v1/sampler interface of Druid, enabling an attacker to execute arbitrary commands on the targeted server. The vulnerability is found in Apache Kafka clients versions...

8.8CVSS7.8AI score0.95302EPSS
Exploits8
Rows per page
Query Builder