CVE-2024-56518

Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document (aka a client configuration file), which can be uploaded at the /cluster-connections URI.

CVSS

No CVSS.

References

Link	Resource
https://docs.hazelcast.com/management-center/6.0-snapshot/getting-started/install	Product
https://gist.github.com/azraelxuemo/c3d42739aa3306a41111ef603dc65b4c	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hazelcast:management_center:*:*:*:*:-:*:*:*

History

07 Jul 2025, 18:18

Type	Values Removed	Values Added
CPE		cpe:2.3:a:hazelcast:management_center:::::-:::*
First Time		Hazelcast management Center Hazelcast
References	~~() https://docs.hazelcast.com/management-center/6.0-snapshot/getting-started/install -~~	() https://docs.hazelcast.com/management-center/6.0-snapshot/getting-started/install - Product
References	~~() https://gist.github.com/azraelxuemo/c3d42739aa3306a41111ef603dc65b4c -~~	() https://gist.github.com/azraelxuemo/c3d42739aa3306a41111ef603dc65b4c - Third Party Advisory

17 Apr 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-17 16:15

Updated : 2025-07-07 18:18

NVD link : CVE-2024-56518

Mitre link : CVE-2024-56518

JSON object : View

Products Affected

hazelcast

management_center

CWE

No CWE.

JSON object

Attach tags to CVE-2024-56518

Attach tags to `CVE-2024-56518`