CVE-2023-45860

MEDIUM

Hazelcast Platform <5.3.4 - SQL Injection

Title source: llm
STIX 2.1

Description

In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem.

Scores

CVSS v3 6.5
EPSS 0.0053
EPSS Percentile 40.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (3)
com.hazelcast/hazelcast 5.3.0 - 5.3.5Maven
com.hazelcast/hazelcast-enterprise 5.3.0 - 5.3.5Maven
hazelcast/hazelcast < 5.1.7
Published Feb 16, 2024
Tracked Since Feb 18, 2026