V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
BDU:2022-03778
BDU
High

Уязвимость диспетчера сообщений Apache Kafka связана с недостатками разграничения доступа при использовании списка управления доступом ACL …

CVSS
8.8
High
EPSS
0.00
p0
Published
2022-01-01
Updated
2022-01-01
Description

Уязвимость диспетчера сообщений Apache Kafka связана с недостатками разграничения доступа при использовании списка управления доступом ACL (Access Control List). Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, обойти ограничения безопасности с помощью специально созданного запроса

Affected products
Apache software foundation KafkaIbm corp. Ibm qradar siemIbm corp. Ibm qradar siemIbm corp. Ibm qradar siemOracle corp. Primavera p6 enterprise project portfolio managementOracle corp. Primavera unifierOracle corp. Primavera unifier
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Timeline
2022-01-01
Published
2022-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: L
Low (L)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.000 · p0
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Oracle
Primavera UnifierPrimavera P6 Enterprise Project Portfolio Management
IBM
Ibm Qradar Siem
Apache
Kafka
ProductVendorStatus
kafkaapache software foundationTracked
ibm qradar siemibm corp.Tracked
ibm qradar siemibm corp.Tracked
ibm qradar siemibm corp.Tracked
primavera p6 enterprise project portfolio managementoracle corp.Tracked
primavera unifieroracle corp.Tracked
primavera unifieroracle corp.Tracked
Source databases
BDU
Related vulnerabilities
CVE-2018-17196
External references
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17196@https://www.ibm.com/blogs/psirt/security-bulletin-apache-kafka-as-used-by-ibm-qradar-siem-is-vulnerable-to-information-disclosure-cve-2021-38153-cve-2018-17196/@https://bugzilla.redhat.com/show_bug.cgi?id=1732309@https://access.redhat.com/security/cve/cve-2018-17196@https://www.oracle.com/security-alerts/cpujul2020.html@https://www.oracle.com/security-alerts/cpuoct2020.html@http://www.securityfocus.com/bid/109139@Third@Party@Advisory@https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E@https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E@https://lists.apache.org/thread.html/d1581fb6464c9bec8a72575c01f5097d68e2fbb230aff24622622a58@%3Ccommits.kafka.apache.org%3E@https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E@https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a@%3Cuser.flink.apache.org%3E@https://lists.apache.org/thread.html/r8890b8f18f1de821595792b58b968a89692a255bc20d86d395270740@%3Ccommits.druid.apache.org%3E@https://lists.apache.org/thread.html/rc27d424d0bdeaf31081c3e246db3c66e882243ae3f342dfa845e0261@%3Ccommits.kafka.apache.org%3E@https://www.mail-archive.com/dev@kafka.apache.org/msg99277.html