Skip to main content

Flume

3 CVEs product

Monthly

CVE-2022-42468 Maven CRITICAL PATCH Act Now

Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache RCE Java Flume
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-34916 Maven CRITICAL PATCH Act Now

Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache RCE Java Flume
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-25167 Maven CRITICAL PATCH Act Now

Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Java Apache Flume
NVD
CVSS 3.1
9.8
EPSS
4.7%
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache RCE Java +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache RCE Java +1
NVD
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Java Apache +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy