CVE-2023-45859

EPSS 0.5%
Veröffentlicht 28.02.2024 22:15:26
Zuletzt bearbeitet 13.05.2025 14:52:22
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 6 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hazelcast ≫ Hazelcast Version <= 4.1.10

Hazelcast ≫ Hazelcast Version >= 4.2.0 <= 4.2.8

Hazelcast ≫ Hazelcast Version >= 5.0.0 <= 5.0.5

Hazelcast ≫ Hazelcast Version >= 5.1.0 <= 5.1.7

Hazelcast ≫ Hazelcast Version >= 5.2.0 < 5.2.5

Hazelcast ≫ Hazelcast Version >= 5.3.0 < 5.3.5

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.5%	0.39

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.6	2.8	4.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

https://github.com/hazelcast/hazelcast/pull/25509

Patch

https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-45859

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-45859

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-45859

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-45859