Netcool Operations Insight - Cloud Native Event Analytics has addressed the following vulnerability in Apache Kafka
CVEID:CVE-2018-17196
**DESCRIPTION:**In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users should upgrade to 2.1.1 or later where this vulnerability has been fixed.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163622 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
Netcool Operations Insight - Cloud Native Event Analytics | 1.6.0 |
Upgrade Operations Insight to 1.6.0.1
None
CPE | Name | Operator | Version |
---|---|---|---|
netcool operations insight | eq | 1.6.0 |