CVE-2021-38153

Description

Some components in Apache Kafka use Arrays.equals to validate a password or key. Arrays.equals returns as soon as it finds the first position at which the two arrays differ, so the time a failed comparison takes depends on how much of the supplied value matched the stored secret. An attacker who can measure that timing difference learns whether a guess is "closer" than the previous one and can narrow the search prefix by prefix instead of guessing the whole credential at once, which is what the advisory means by brute-force attacks being more likely to succeed. The timing signal is small and must be separated from network and scheduler noise with many samples, which is why the CVSS vector below rates attack complexity as high. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher, where this vulnerability has been fixed; the associated-vulnerability list below also records backported fixes in the 2.6.3 and 2.7.2 releases. The affected versions are Apache Kafka 2.0.0 through 2.8.0: 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0.
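The flaw class is easiest to see side by side. The following Java program is an added illustration written for this page; it is not Apache Kafka code and does not reproduce the exact Kafka component that was patched. The class name TimingCompareDemo, the method names and the literal secret are all made up for the demonstration. It compares a stored secret against two wrong candidates, one that differs in the first byte and one that differs only in the last byte, first with Arrays.equals (the vulnerable pattern) and then with MessageDigest.isEqual, the standard JDK replacement whose running time does not depend on where the first mismatch sits. A hand-written constant-time compare is included so the reader can see what "no early exit" means.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.function.Predicate;

// Hypothetical demo class written for this page; not Apache Kafka code.
public class TimingCompareDemo {

    // Constructed sample secret for the demo only. A real system would hold a
    // hashed or randomly generated credential, never a literal like this.
    static final byte[] STORED_SECRET =
            "s3cr3t-kafka-credential-0123456789abcdef".getBytes(StandardCharsets.UTF_8);

    // Written to by the timing loop so the JIT cannot discard the comparisons.
    static volatile boolean sink;

    // Vulnerable pattern (the CVE-2021-38153 flaw class): Arrays.equals stops
    // at the first differing position, so elapsed time grows with the length
    // of the matching prefix. Note that current JDKs compare several bytes per
    // step internally, so the leak is coarser than one byte but still present.
    static boolean vulnerableEquals(byte[] candidate) {
        return Arrays.equals(STORED_SECRET, candidate);
    }

    // Hardened pattern: MessageDigest.isEqual examines every byte of both
    // arrays when their lengths match, so timing no longer reveals the
    // mismatch position. It still returns early when the lengths differ.
    static boolean constantTimeEquals(byte[] candidate) {
        return MessageDigest.isEqual(STORED_SECRET, candidate);
    }

    // The same idea spelled out: OR all byte differences together and decide
    // once at the end instead of branching on the first mismatch.
    static boolean manualConstantTimeEquals(byte[] a, byte[] b) {
        if (a.length != b.length) {
            return false;               // length is still observable here
        }
        int diff = 0;
        for (int i = 0; i < a.length; i++) {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    // Median of several timing samples (nanoseconds) for running `check` on
    // `candidate`. The median is more robust than the mean against GC pauses
    // and scheduler noise, which is also how a real attacker would aggregate.
    static long medianNanos(Predicate<byte[]> check, byte[] candidate) {
        final int samples = 21;
        final int iterations = 200_000;
        long[] times = new long[samples];
        for (int s = 0; s < samples; s++) {
            long start = System.nanoTime();
            for (int i = 0; i < iterations; i++) {
                sink ^= check.test(candidate);
            }
            times[s] = System.nanoTime() - start;
        }
        Arrays.sort(times);
        return times[samples / 2];
    }

    public static void main(String[] args) {
        byte[] wrongAtStart = STORED_SECRET.clone();
        wrongAtStart[0] ^= 0x01;                        // first byte differs
        byte[] wrongAtEnd = STORED_SECRET.clone();
        wrongAtEnd[wrongAtEnd.length - 1] ^= 0x01;      // only the last byte differs

        // Warm-up so the JIT has compiled both paths before measuring.
        medianNanos(TimingCompareDemo::vulnerableEquals, wrongAtEnd);
        medianNanos(TimingCompareDemo::constantTimeEquals, wrongAtEnd);

        System.out.printf("Arrays.equals         mismatch@0: %,d ns   mismatch@end: %,d ns%n",
                medianNanos(TimingCompareDemo::vulnerableEquals, wrongAtStart),
                medianNanos(TimingCompareDemo::vulnerableEquals, wrongAtEnd));
        System.out.printf("MessageDigest.isEqual mismatch@0: %,d ns   mismatch@end: %,d ns%n",
                medianNanos(TimingCompareDemo::constantTimeEquals, wrongAtStart),
                medianNanos(TimingCompareDemo::constantTimeEquals, wrongAtEnd));
        System.out.println("manual constant-time, wrongAtEnd: "
                + manualConstantTimeEquals(STORED_SECRET, wrongAtEnd));
    }
}
```

Run it with `javac TimingCompareDemo.java && java TimingCompareDemo`. On a typical JVM the Arrays.equals line shows a visibly larger median for the candidate that mismatches at the end than for the one that mismatches at the start, while the MessageDigest.isEqual medians are close to each other; absolute numbers vary by machine and JIT, so only the gap matters. Two caveats for anyone applying the fix: both MessageDigest.isEqual and the manual loop return early on a length mismatch, so if the length of the secret must also stay hidden, compare fixed-length values (for example a MAC or hash of each side) rather than the raw credential; and the comparison is only one link, since a password check that hashes the input with a non-constant-time routine or logs partial matches leaks through other channels.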

Risk Information

Base Score: 5.9 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (exploitation probability): 1.432 (EPSS probabilities lie between 0 and 1, so this figure is presumably expressed as a percentage)

Associated Vulnerability

Vulnerability                                                    | OS Platform
-----------------------------------------------------------------+-----------
CVE-2021-38153 is fixed in Apache-kafka-clients 2.6.3            | Windows
CVE-2021-38153 is fixed in Apache-kafka-clients 2.7.2            | Windows
CVE-2021-38153 is fixed in Apache-kafka-clients 2.8.1            | Windows
CVE-2021-38153 is fixed in Apache-kafka_2.12 2.6.3               | Windows
CVE-2021-38153 is fixed in Apache-kafka_2.12 2.7.2               | Windows
CVE-2021-38153 is fixed in Apache-kafka_2.12 2.8.1               | Windows
CVE-2021-38153 is fixed in Apache-kafka_2.13 2.6.3               | Windows
CVE-2021-38153 is fixed in Apache-kafka_2.13 2.7.2               | Windows
CVE-2021-38153 is fixed in Apache-kafka_2.13 2.8.1               | Windows
Multiple vulnerabilities affect IBM Cognos Analytics 11.2.4      | Windows
Multiple vulnerabilities affect IBM Cognos Analytics 12.0.3      | Windows
Multiple vulnerabilities affect IBM Security Guardium 11.1       | Windows
Multiple vulnerabilities affect IBM Security Guardium 11.2       | Windows
Multiple vulnerabilities affect IBM Security Guardium 11.3       | Windows
Multiple vulnerabilities affect IBM Security Guardium 11.4       | Windows
Multiple vulnerabilities affect IBM Security Guardium 11.0       | Windows
CVE-2021-38153 affects Apache-kafka_2.11 2.4.1                   | Windows
CVE-2021-38153 is fixed in Apache-kafka-clients for Linux 2.6.3  | Linux
CVE-2021-38153 is fixed in Apache-kafka-clients for Linux 2.7.2  | Linux
CVE-2021-38153 is fixed in Apache-kafka-clients for Linux 2.8.1  | Linux
CVE-2021-38153 is fixed in Apache-kafka_2.12 for Linux 2.6.3     | Linux
CVE-2021-38153 is fixed in Apache-kafka_2.12 for Linux 2.7.2     | Linux
CVE-2021-38153 is fixed in Apache-kafka_2.12 for Linux 2.8.1     | Linux
CVE-2021-38153 is fixed in Apache-kafka_2.13 for Linux 2.6.3     | Linux
CVE-2021-38153 is fixed in Apache-kafka_2.13 for Linux 2.7.2     | Linux
CVE-2021-38153 is fixed in Apache-kafka_2.13 for Linux 2.8.1     | Linux
CVE-2021-38153 affects Apache-kafka_2.11 for Linux 2.4.1         | Linux
Observable Discrepancy Vulnerability (CVE-2021-38153)            | NCM

No fixed kafka_2.11 build is listed because Apache Kafka stopped publishing Scala 2.11 artifacts after the 2.4.x line; a deployment still on kafka_2.11 2.4.1 has to move to a kafka_2.12 or kafka_2.13 build of a fixed release (2.6.3, 2.7.2, 2.8.1 or 3.0.0 and later) rather than wait for a 2.11 patch. The IBM Cognos Analytics and IBM Security Guardium rows indicate products that bundle an affected Kafka and are tracked under the vendor's own multi-CVE advisories rather than a Kafka version number.

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2021-38153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38153
https://kafka.apache.org/cve-list