Skip to main content

Hazelcast

5 CVEs product

Monthly

CVE-2023-33265 Maven HIGH PATCH This Week

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hazelcast Imdg
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-33264 Maven MEDIUM PATCH This Month

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Hazelcast
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-36437 Maven CRITICAL PATCH Act Now

The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Hazelcast Hazelcast Jet
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-0265 Maven CRITICAL POC PATCH Act Now

Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Hazelcast
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-26168 CRITICAL Act Now

The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn't verify properly the password in some system-user-dn. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hazelcast Jet
NVD
CVSS 3.1
9.8
EPSS
1.6%
EPSS 1% CVSS 8.8
HIGH PATCH This Week

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hazelcast Imdg
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Hazelcast
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Hazelcast +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Hazelcast
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn't verify properly the password in some system-user-dn. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hazelcast Jet
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy