CVE-2018-1288

Published Jul 26, 2018

Last updated a year ago

CVSS medium 5.4

Overview

Description: In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.
Source: security@apache.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.5
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5.5
Impact score: 4.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:N/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:kafka:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B62ED53-55D4-4606-8573-8F0DC8822FCE",
            "versionEndIncluding": "0.9.0.1",
            "versionStartExcluding": "0.9.0.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:kafka:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C70CB00-3825-45E7-A1BA-ECE1DEE7A2A7",
            "versionEndIncluding": "0.10.2.1",
            "versionStartIncluding": "0.10.0.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:kafka:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D23CBB01-B4A1-4995-A55E-5518993AD487",
            "versionEndIncluding": "0.11.0.2",
            "versionStartIncluding": "0.11.0.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:kafka:1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C7B64BF-F3CC-4F58-9C30-D986AB04D0FB"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:1.0:*:*:*:*:middleware:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0FED4EE-0AE2-4BD8-8DAC-143382E4DB7C"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5100F5C8-D5F8-466B-AABE-E42B3770B39D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F3C58EE-B36B-4081-A307-0FE9B52D8E62"
          },
          {
            "criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E221FD4B-190F-4752-9617-FB0C704E7AFD"
          },
          {
            "criteria": "cpe:2.3:a:oracle:database:18c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "412CCE88-6555-4129-BCEC-DF7DD28C9CE1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B7038B7-BBBB-4C8A-9479-204E11669A63"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DE19678-FB27-4E29-A7BF-232141D52502",
            "versionEndIncluding": "19.12.6.0",
            "versionStartIncluding": "19.12.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F06877B6-A08F-4305-874E-6CD691B88D12",
            "versionEndExcluding": "18.1.2.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References