Description

Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document (aka a client configuration file), which can be uploaded at the /cluster-connections URI.

INFO

Published Date :

2025-04-17T00:00:00.000Z

Last Modified :

2025-04-17T16:12:30.676Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-56518 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-56518.

URL Resource
https://docs.hazelcast.com/management-center/6.0-snapshot/getting-started/install cve-icon cve-icon
https://gist.github.com/azraelxuemo/c3d42739aa3306a41111ef603dc65b4c cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System