{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-16T19:14:11.970","vulnerabilities":[{"cve":{"id":"CVE-2021-38153","sourceIdentifier":"security@apache.org","published":"2021-09-22T09:15:07.847","lastModified":"2024-11-21T06:16:30.110","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0."},{"lang":"es","value":"Algunos componentes de Apache Kafka usan \"Arrays.equals\" para validar una contraseña o clave, lo cual es vulnerable a ataques de tiempo que hacen que los ataques de fuerza bruta para dichas credenciales tengan más probabilidades de éxito. Los usuarios deben actualizar a la versión 2.8.1 o superior, o a la 3.0.0 o superior, donde se ha corregido esta vulnerabilidad. Las versiones afectadas son Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1 y 2.8.0."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-203"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-203"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:kafka:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.6.3","matchCriteriaId":"37D255E1-95C1-4A9B-B934-E2F0DB117CF2"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:kafka:*:*:*:*:*:*:*:*","versionStartIncluding":"2.7.0","versionEndExcluding":"2.7.2","matchCriteriaId":"E2F46DB5-7FE5-4496-AC7F-CA471BBE3866"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:kafka:2.8.0:-:*:*:*:*:*:*","matchCriteriaId":"AF660B80-E5F4-4253-95F6-91AABDDC8944"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":
[{"vulnerable":true,"criteria":"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*","versionEndExcluding":"2.2.4","matchCriteriaId":"6677F86F-5933-460E-B978-23A4C1407CB0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*","versionEndExcluding":"12.0.0.4.6","matchCriteriaId":"6894D860-000E-439D-8AB7-07E9B2ACC31B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*","matchCriteriaId":"FD66C717-85E0-40E7-A51F-549C8196D557"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*","matchCriteriaId":"B4367D9B-BF81-47AD-A840-AC46317C774D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.6.0","versionEndIncluding":"8.0.9.0","matchCriteriaId":"16A8C8B8-1D49-4AE6-9581-8C9D6F2EEBFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0.0.0","versionEndIncluding":"8.1.20","matchCriteriaId":"A5DCBA98-B60C-4D51-960D-2C0833762CC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.6.0.0","versionEndIncluding":"8.0.8.0","matchCriteriaId":"147A4225-A2D5-4AA1-96D1-6D95A192B596"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*","matchCriteriaId":"A4B3A10E-70A8-4332-8567-06AE2C45D3C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"059F0D4E-B007-4986-AB95-89F11147CB2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*","matchCriteriaId":"6CAC78AD-
86BB-4F06-B8CF-8E1329987F2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.1:*:*:*:*:*:*:*","matchCriteriaId":"C64D669C-513E-4C53-8BB8-13EB336CDC3A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2:*:*:*:*:*:*:*","matchCriteriaId":"D4BDDBCD-4038-4BEC-91DB-587C2FBC6369"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.0:*:*:*:*:*:*:*","matchCriteriaId":"F6394E90-2F2C-4955-9F97-BFED76D4333B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1:*:*:*:*:*:*:*","matchCriteriaId":"5B5DC0C1-789B-4126-8C6D-DEDE83AA2D2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*","matchCriteriaId":"44563108-AD89-49A0-9FA5-7DE5A5601D2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FCA5DC3F-E7D8-45E3-8114-2213EC631CDF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*","matchCriteriaId":"202AD518-2E9B-4062-B063-9858AE1F9CE2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*","matchCriteriaId":"10864586-270E-4ACF-BDCC-ECFCD299305F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*","matchCriteriaId":"38340E3C-C452-4370-86D4-355B6B4E0A06"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*","matchCriteriaId":"E9C55C69-E22E-4B80-9371-5CD821D79FE2"}]}]}],"references":[{"url":"https://kafka.apache.org/cve-list","source":"security@apache.org","tags":["Vendor 
Advisory"]},{"url":"https://lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c%40%3Cdev.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c%40%3Cusers.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c%40%3Cdev.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be%40%3Cdev.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be%40%3Cusers.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rd9ef217b09fdefaf32a4e1835b59b96629542db57e1f63edb8b006e6%40%3Cdev.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rd9ef217b09fdefaf32a4e1835b59b96629542db57e1f63edb8b006e6%40%3Cusers.kafka.apache.org%3E","source":"security@apache.org"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://kafka.apache.org/cve-list","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c%40%3Cdev.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r26390c8b09ecfa356582d665b0c01f4cdcf16ac047c85f9f9f06a88c%40%3Cusers.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c%40%3Cdev.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be%40%3Cdev.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be%40%3Cusers.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rd9ef217b09fdefaf32a4e1835b59b96629542db57e1f63edb8b006e6%40%3Cdev.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rd9ef217b09fdefaf32a4e1835b59b96629542db57e1f63edb8b006e6%40%3Cusers.kafka.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}