CVE-2018-1332

CWE-200Information Exposure4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 37.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache StormApache Software Foundation Apache Storm
Timeline
PublishedJun 5
Latest updateOct 17

Description

Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

Mavenorg.apache.storm:storm-core1.2.01.2.2+1
NVDapache/storm1.0.6+2
CVEListV5apache_software_foundation/apache_stormApache Storm 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier

🔴Vulnerability Details

3
GHSA
Moderate severity vulnerability that affects org.apache.storm:storm-core2018-10-17
OSV
Moderate severity vulnerability that affects org.apache.storm:storm-core2018-10-17
CVEList
CVE-2018-1332: Apache Storm version 12018-06-05
CVE-2018-1332 (MEDIUM CVSS 6.5) | Apache Storm version 1.0.6 and earl | cvebase.io