6 matches found
Security Bulletin: Vulnerability from Apache Kafka affect IBM Operations Analytics - Log Analysis (CVE-2018-17196)
Summary Apache Kafka is vulnerable to improper input validation that could allow remote attacker to bypass security restrictions. Vulnerability Details CVEID:CVE-2018-17196 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to bypass security restrictions, caused by improper...
Security Bulletin: There are multiple security vulnerabilities in Apache Storm used by IBM Tivoli Netcool Manager.
Summary Apache-storm, used by IBM Tivoli Network Manager, contains many internal libraries which are vulnerable to various types of CVEs. Revealing sensitive information CVE-2021-28169, bypassing ACL validations CVE-2018-17196, heap based buffer overflow CVE-2015-5237, denial of service...
Security Bulletin: Apache Kafka as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2021-38153, CVE-2018-17196)
Summary Apache Kafka as used by IBM QRadar SIEM is vulnerable to information disclosure. IBM has addressed the relevant CVEs. Vulnerability Details CVEID: CVE-2021-38153 DESCRIPTION: Apache Kafka could allow a remote attacker to obtain sensitive information, caused by a timing attack flaw due to...
Oracle Primavera P6 Enterprise Project Portfolio Management Multiple Vulnerabilities (Jul 2020 CPU)
According to its self-reported version number, the Oracle Primavera P6 Enterprise Project Portfolio Management EPPM installation running on the remote web server is 16.1.x prior to 16.2.20.1, 17.1.x prior to 17.12.17.1, 18.1.x prior to 18.8.19, or 19.12.x prior to 19.12.6.0. It is, therefore,...
Security Bulletin: Netcool Operations Insight - Cloud Native Event Analytics is affected by an Apache Kafka vulnerability (CVE-2018-17196)
Summary Netcool Operations Insight - Cloud Native Event Analytics has addressed the following vulnerability in Apache Kafka Vulnerability Details CVEID: CVE-2018-17196 DESCRIPTION: In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypass...
CVE-2018-17196
CVE-2018-17196 (Apache Kafka) : A vulnerability in Kafka versions 0.11.0.0–2.1.0 allows a remote authenticated attacker to bypass transaction/idempotent ACL validation by crafting a Produce request. The issue stems from improper input validation, requiring authenticated clients with Write permiss...