Lucene search

K

Hazelcast Security Vulnerabilities

cve
cve

CVE-2023-33265

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions...

8.8CVSS

8.7AI Score

0.001EPSS

2023-07-18 04:15 PM
96
cve
cve

CVE-2023-33264

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the...

4.3CVSS

4.4AI Score

0.0005EPSS

2023-05-22 01:15 AM
128
cve
cve

CVE-2022-36437

The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are through 4.0.6, 4.1.9, 4.2.5, 5.0.3, and 5.1.2. The affected....

9.1CVSS

8.9AI Score

0.002EPSS

2022-12-29 11:15 PM
132
cve
cve

CVE-2022-0265

Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in...

9.8CVSS

9.4AI Score

0.002EPSS

2022-03-03 10:15 PM
176
cve
cve

CVE-2020-26168

The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn't verify properly the password in some system-user-dn scenarios. As a result, users (clients/members) can be authenticated even if they provide invalid...

9.8CVSS

9.5AI Score

0.003EPSS

2020-11-09 10:15 PM
24
cve
cve

CVE-2016-10750

In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary...

8.1CVSS

8.1AI Score

0.026EPSS

2019-05-22 02:29 PM
85
2