Описание
The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are through 4.0.6, 4.1.9, 4.2.5, 5.0.3, and 5.1.2. The affected Hazelcast Jet versions are through 4.5.3.
A flaw was found in Hazelcast and Hazelcast Jet. This flaw may allow an attacker unauthenticated access to manipulate data in the cluster.
Отчет
Red Hat Integration - Camel Quarkus Extensions: Hazelcast is contained in camel-quarkus-hazelcast but it does not affect any supported component. This package is community support only. Hence the low impact for Camel Quarkus Extension.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Integration Camel Quarkus 1 | hazelcast | Will not fix | ||
| Red Hat Fuse 7.11.1.P1 | hazelcast | Fixed | RHSA-2023:0483 | 26.01.2023 |
| Red Hat Fuse 7.12 | Fixed | RHSA-2023:3954 | 29.06.2023 | |
| Red Hat Fuse on EAP 7.11.1.P1 | hazelcast | Fixed | RHSA-2023:0661 | 08.02.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
9.1 Critical
CVSS3
Связанные уязвимости
The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are through 4.0.6, 4.1.9, 4.2.5, 5.0.3, and 5.1.2. The affected Hazelcast Jet versions are through 4.5.3.
The Connection handler in Hazelcast and Hazelcast Jet allows a remote ...
EPSS
9.1 Critical
CVSS3