Lucene search
+L

5 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/03/29 1:37 a.m.29 views

Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to security restrictions bypass

Summary Pulsar is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2023-51437 The below vulnerability have been addressed. Vulnerability Details CVEID:CVE-2023-51437 DESCRIPTION: Apache Pulsar could allow a remote attacker to bypass security restrictions, caused...

7.4CVSS7.4AI score0.00763EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2024/02/07 12:30 p.m.7 views

org.apache.pulsar:pulsar-server-distribution (>=3.0.0 <=3.0.17) potentially affected by CVE-2023-51437 via org.apache.pulsar:pulsar-broker-auth-sasl (>=3.0.0 <=3.0.17)

org.apache.pulsar:pulsar-broker-auth-sasl MAVEN version =3.0.0, =3.0.0, =3.0.17 Source cves: CVE-2023-51437 Source advisory: OSV:GHSA-C57V-4VG5-CM2X...

7.4CVSS7.1AI score0.00763EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/02/07 12:30 p.m.8 views

org.apache.pulsar:pulsar-server-distribution (=3.1.0) potentially affected by CVE-2023-51437 via org.apache.pulsar:pulsar-broker-auth-sasl (=3.1.0)

org.apache.pulsar:pulsar-broker-auth-sasl MAVEN version =3.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-broker-auth-sasl and may be impacted: - org.apache.pulsar:pulsar-server-distribution =3.1.0 Source cves:...

7.4CVSS7.1AI score0.00763EPSS
Exploits0
Cvelist
Cvelist
added 2024/02/07 9:18 a.m.31 views

CVE-2023-51437 Apache Pulsar: Timing attack in SASL token signature verification

Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider...

7.4CVSS7.5AI score0.00763EPSS
Exploits0References2
CVE
CVE
added 2024/02/07 9:18 a.m.106 views

CVE-2023-51437

This CVE (CVE-2023-51437) concerns an observable timing discrepancy in the Apache Pulsar SASL Authentication Provider that could allow forging a SASL Role Token passing signature verification. Affected products/components include Pulsar Broker, Proxy, Websocket Proxy, and Function Worker. Root ca...

7.4CVSS7.2AI score0.00763EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder