Lucene search
K

9 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 9:38 p.m.3 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache ZooKeeper

Summary Multiple vulnerabilities in Apache ZooKeeper that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2026-24281 DESCRIPTION: Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing...

7.5CVSS7AI score0.01177EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.10 views

PT-2026-24613

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...

7.4CVSS5.8AI score0.00633EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/07 9:30 a.m.6 views

EUVD-2026-10140

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...

5.8AI score0.01177EPSS
Exploits0References2
OSV
OSV
added 2026/03/07 9:16 a.m.1 views

DEBIAN-CVE-2026-24308

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...

7.5CVSS7.2AI score0.01177EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/07 9:16 a.m.6 views

CVE-2026-24308

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...

7.5CVSS6.7AI score0.01177EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/07 8:51 a.m.6 views

CVE-2026-24308

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...

5.8AI score0.01177EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/07 8:51 a.m.31 views

CVE-2026-24308 Apache ZooKeeper: Sensitive information disclosure in client configuration handling

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...

0.01177EPSS
Exploits0References1
CVE
CVE
added 2026/03/07 8:51 a.m.88 views

CVE-2026-24308

CVE-2026-24308 affects Apache ZooKeeper: improper handling of configuration values in ZKConfig can expose sensitive client configuration in logs at INFO level. Affected: ZooKeeper 3.8.5 and 3.9.4 on all platforms. Impact: potential leakage of sensitive config data in production logs. Mitigation: ...

7.5CVSS5.8AI score0.01177EPSS
Exploits0References10Affected Software1
Debian CVE
Debian CVE
added 2026/03/07 8:50 a.m.3 views

CVE-2026-24281

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...

7.4CVSS8.4AI score0.00633EPSS
Exploits0
Rows per page
Query Builder