6 matches found
Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to a security restrictions bypass.
Summary Pulsar is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2023-30428, CVE-2023-30429, CVE-2023-37579 and CVE-2023-31007 The below vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-30428 DESCRIPTION: Apache Pulsar could allow a...
io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker-auth-athenz (=2.11.0) +3 more potentially affected by CVE-2023-31007 via org.apache.pulsar:pulsar-broker (=2.11.0)
org.apache.pulsar:pulsar-broker MAVEN version =2.11.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-broker and may be impacted: - io.github.embedded-middleware:embedded-pulsar-core =0.0.4, =0.0.5 -...
CVE-2023-31007
Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a...
CVE-2023-31007 Apache Pulsar: Broker does not always disconnect client when authentication data expires
Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a...
CVE-2023-31007
The CVE-2023-31007 issue is an Improper Authentication vulnerability in Apache Pulsar Broker. The root cause is that the broker may fail to disconnect a client after authentication data expires when the client connects via Pulsar Proxy with authenticateOriginalAuthData=false or when a direct conn...
CVE-2023-31007 Apache Pulsar: Broker does not always disconnect client when authentication data expires
Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a...