Hazelcast Security Vulnerabilities and Issues — Hazelcast CVE List

Lucene search

HazelcastHazelcast

8 matches found

CVE•added 2022/12/29 11:15 p.m.•193 views

CVE-2022-36437

The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are through 4.0.6, 4.1.9, 4.2.5, 5.0.3, and 5.1.2. The affected ...

9.1CVSS8.9AI score0.0034EPSS

CVE•added 2022/03/03 10:15 p.m.•190 views

CVE-2022-0265

Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1.

9.8CVSS8.4AI score0.09239EPSS

CVE•added 2023/05/22 1:15 a.m.•149 views

CVE-2023-33264

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.

4.3CVSS4.4AI score0.01571EPSS

CVE•added 2023/07/18 4:15 p.m.•135 views

CVE-2023-33265

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.

8.8CVSS8.7AI score0.00172EPSS

CVE•added 2019/05/22 2:29 p.m.•119 views

CVE-2016-10750

In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code.

8.1CVSS8.1AI score0.04336EPSS

CVE•added 2024/02/28 10:15 p.m.•87 views

CVE-2023-45859

In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster.

7.6CVSS6.2AI score0.00201EPSS

CVE•added 2024/02/16 10:15 a.m.•61 views

CVE-2023-45860

In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem.

6.5CVSS7AI score0.00459EPSS

CVE•added 2020/11/09 10:15 p.m.•35 views

CVE-2020-26168

The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn't verify properly the password in some system-user-dn scenarios. As a result, users (clients/members) can be authenticated even if they provide invalid password...

9.8CVSS9.5AI score0.00866EPSS