Vulnerabilities > Hazelcast > Hazelcast > 2.4.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-22 | CVE-2023-33264 | Insufficiently Protected Credentials vulnerability in Hazelcast In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. | 4.3 |
| 2022-12-29 | CVE-2022-36437 | Session Fixation vulnerability in Hazelcast Hazelcast-Jet The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connection. | 9.1 |
| 2019-05-22 | CVE-2016-10750 | Deserialization of Untrusted Data vulnerability in Hazelcast In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. | 6.8 |