3 matches found
CVE-2018-1833
CVE-2018-1833 affects IBM Event Streams 2018.3.0. A remote attacker with prior CLI access can submit an API request using a forged Host header to spoof the request. The impact is limited to header spoofing as described in the IBM/X-Force context; no exploitation details beyond header manipulation...
CVE-2021-29792
IBM Event Streams 10.0.x–10.3.x are affected by CVE-2021-29792. The issue arises when generating PKCS12 truststores: the CA private key can be included in the truststore, which is distributed to clients via the UI/CLI, enabling a user to create their own certificates and deploy them in the cluste...
CVE-2020-4662
Summary : IBM Event Streams 10.0.0 schema registry contains a vulnerability due to improper authentication validation that could allow an authenticated user to perform tasks on a schema (create, edit, delete) without proper authorization. Impact : unauthorized schema operations; CVSSv3 base 8.8 (...