Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
ApacheFlume

3 matches found

CVE
CVEadded 2022/08/21 8:15 a.m.124 views

CVE-2022-34916

CVE-2022-34916 affects Apache Flume versions 1.4.0–1.10.0, where a JMS Source using a JNDI LDAP data source URI can enable remote code execution if an attacker controls the target LDAP server. The vulnerability stems from how JMSMessageConsumer handles JNDI lookups, allowing code execution throug...

9.8CVSS9.6AI score0.0266EPSS
CVE
CVEadded 2022/10/26 12:0 a.m.93 views

CVE-2022-42468

Apache Flume (versions 1.4.0–1.10.1) is vulnerable to remote code execution when a JMS Source is configured with an unsafe providerURL, due to JMSSource performing an unvalidated JNDI lookup. The issue is fixed by updating to 1.11.0, which limits JNDI to java protocol or no protocol. Red Hat and ...

9.8CVSS9.7AI score0.06404EPSS
CVE
CVEadded 2022/06/14 7:55 a.m.85 views

CVE-2022-25167

Apache Flume (versions 1.4.0–1.9.0) is vulnerable to remote code execution when a JMS Source is configured with a JNDI LDAP data source URI and an attacker controls the target LDAP server. The underlying issue is the JNDI usage, which can be exploited to run arbitrary code on the target. Remediat...

9.8CVSS9.7AI score0.05291EPSS