{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T14:07:24.489","vulnerabilities":[{"cve":{"id":"CVE-2022-32531","sourceIdentifier":"security@apache.org","published":"2022-12-15T19:15:17.673","lastModified":"2025-04-17T19:15:53.487","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves\nthe bookkeeper client vulnerable to a man in the middle attack.\n\nThe problem affects BookKeeper client prior to versions 4.14.6 and 4.15.1."},{"lang":"es","value":"El cliente Java Apache Bookkeeper (anteriores a 4.14.6 y también a 4.15.0) no cierra la conexión con el servidor de contabilidad cuando falla la verificación del nombre de host TLS. Esto deja al cliente bookkeeper vulnerable al ataque de man in the middle. El problema afecta al cliente BookKeeper anterior a las versiones 4.14.6 y 4.15.1."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:bookkeeper:*:*:*:*:*:*:*:*","versionEndExcluding":"4.14.6","matchCriteriaId":"165DDEED-2AA8-4C6A-9A17-2F5639812306"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:bookkeeper:4.15.0:-:*:*:*:*:*:*","matchCriteriaId":"FEB56DB4-7402-4BE9-B580-6AD8E18BD6D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:bookkeeper:4.15.0:rc0:*:*:*:*:*:*","matchCriteriaId":"25931EF6-B967-4782-86EE-65764DD46FE1"}]}]}],"references":[{"url":"https://lists.apache.org/thread/xyk2lfc7lzof8mksmwyympbqxts1b5s9","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"https://lists.apache.org/thread/xyk2lfc7lzof8mksmwyympbqxts1b5s9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]}]}}]}