Apache Kafka Security Vulnerabilities
Content

Priority: Medium

Status: In Progress - Undergoing Analysis

 

First Published: 25 May 2022

Advisory Version: 1.0

References: CVE-2022-23307, CVE-2022-23305, CVE-2022-23302, CVE-2019-17571, CVE-2020-9488 

 

Summary

Several security-related vulnerabilities have been reported in Apache Kafka, an open-source distributed event streaming platform. This advisory comprises information regarding the following Kafke-related CVEs:

CVE-2022-23307
CVE-2022-23305
CVE-2022-23302
CVE-2019-17571
CVE-2020-9488 

Hitachi Vantara software products determined to be affected by any of the aforementioned vulnerabilities will be indicated in this bulletin.
Additional information from Apache regarding these vulnerabilities may be found here.

 

Affected Products

Vulnerable Products

Hitachi Vantara is currently investigating applicable product lines to determine if any are affected by this vulnerability. If any products or solutions are found to be impacted, they will be indicated in this section, in subsequent updates to this advisory, along with information regarding mitigations or fixed release versions (if such information is available at the time). Likewise, any products or solutions that have been confirmed not to be affected by the given vulnerability will be listed in the section below.

NOTE: If cited, product documentation, including product-specific Alerts and Technical Bulletins, are available to Hitachi Vantara customers logged into Support Connect.

Product Notes / Fixed Release Version
Software Products
None N/A

Products Confirmed Not Vulnerable

* As this is an ongoing investigation across all Hitachi Vantara product lines, please note that products may be reclassified as vulnerable as they continue to be evaluated for risk.

Product Notes / Fixed Release Version
Software Products
Hitachi Ops Center
Analyzer (Detail View)
· CVE-2022-23307: Affected Kafka component not used.
· CVE-2022-23305: Affected Kafka components not enabled.
· CVE-2022-23302: Affected Kafka components not enabled.
· CVE-2019-17571: Affected Kafka components not used.
· CVE-2020-9488: Fixed version used.

Recommended Actions

Please continue to check this Security Advisory, as new information will be added to it as it becomes available.

If any of the information presented above remains unclear, please contact the Hitachi Vantara Global Support Center, or your Vantara-authorized service and support provider.

The information contained herein is for informational purposes only. It is not intended as a guaranty or warranty about Hitachi Vantara’s products, including any guaranty or warranty that any product cannot be exploited by third parties. All product warranties and obligations to a customer must be specified in a mutually acceptable and executed contract between the parties.

Attachments
CXone Metadata