VDB
CISA-2023-45859
CISA-2023-45859
PUBLISHED
CVSS 7.6 HIGH
Reported by mitre · Published February 28, 2024
In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster.
Risk Scores
CVSS 3.1
7.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a |
Timeline
- Feb 28, 2024 CVE Published
- Nov 29, 2024 CVE Updated