SB2022112246 - IBM Log Analysis update for Apache Kafka
Published: November 22, 2022
Security Bulletin ID
SB2022112246
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper access control (CVE-ID: CVE-2018-17196)
The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to improper security restrictions imposed by the affected software. A remote authenticated attacker with write permission on respective topics can send a crafted Produce request that is designed to bypass transaction/idempotent access control list (ACL) validation.
Remediation
Install update from vendor's website.
References
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-from-apache-kafka-affect-ibm-operations-analytics-log-analysis-cve-2018-17196/"
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-from-apache-kafka-affect-ibm-operations-analytics-log-analysis-cve-2018-17196/</a></p><p>
- https://www.ibm.com/support/pages/node/6840085</p><p><br></p>