Maven package
com.hazelcast/hazelcast-enterprise
pkg:maven/com.hazelcast/hazelcast-enterprise
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-45860 | — | | | >= 5.3.0, < 5.3.5 | 5.3.5 | Feb 16, 2024 | In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem. |
| CVE-2023-33265 | — | | | >= 5.2.0, < 5.2.4 | 5.2.4 | Jul 18, 2023 | In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted. |
| CVE-2022-36437 | — | | | < 3.12.13 | 3.12.13 | Dec 29, 2022 | The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are through 4.0.6, 4.1.9, 4.2.5, 5.0.3, and 5 |