Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-32531 Vulnerability in maven package org.apache.bookkeeper:bookkeeper-common

Description

The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the bookkeeper client vulnerable to a man in the middle attack. The problem affects BookKeeper client prior to versions 4.14.6 and 4.15.1.

Remediation

References

https://lists.apache.org/thread/xyk2lfc7lzof8mksmwyympbqxts1b5s9

Related Vulnerabilities

CVE-2021-42340 Vulnerability in maven package org.apache.tomcat:tomcat-websocket

CVE-2021-28655 Vulnerability in maven package org.apache.zeppelin:zeppelin

CVE-2021-24122 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2022-45143 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2020-9488 Vulnerability in maven package org.apache.logging.log4j:log4j

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Mailing List Vendor Advisory NVD-CWE-noinfo