5 matches found
Security Bulletin: Apache Kafka Vulnerabilities Affect the B2B API of IBM Sterling B2B Integrator (CVE-2017-12610, CVE-2018-1288)
Summary BM Sterling B2B Integrator has addressed the security vulnerabilities. Vulnerability Details CVEID: CVE-2017-12610 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to bypass security restrictions. By using a manually specially crafted protocol message with SASL/PLAIN ...
SUSE-SU-2018:2536-1 Security update for grafana, kafka, logstash and monasca-installer
This update for grafana, kafka, logstash and monasca-installer fixes the following issues: The following security issues have been fixed: grafana: - CVE-2018-12099: Fix Cross-Site-Scripting XSS vulnerabilities in dashboard links. bsc1096985 kafka: - CVE-2018-1288: Authenticated Kafka users may...
CVE-2018-1288
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss...
CVE-2018-1288
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss...
CVE-2018-1288
CVE-2018-1288 affects Apache Kafka across multiple 0.9.x–1.0.0 release lines; authenticated users can issue a fetch request that performs a broker-reserved action, potentially causing data loss during replication. Public documentation here documents the issue and confirms fixes in later Kafka bui...