CVE-2017-12610

2018-07-2600:00:00

apache

www.cve.org

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.3%

JSON

In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.

CNA Affected

[
  {
    "product": "Apache Kafka",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "0.10.0.0 to 0.10.2.1"
      },
      {
        "status": "affected",
        "version": "0.11.0.0 to 0.11.0.1"
      }
    ]
  }
]