Apache Storm
6 CVEs affecting Apache Storm. Latest disclosed: 2026-04-27. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2015-3188 | Critical | 9.8 | 2017-01-13 | The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2017-9799 | High | 8.8 | 2017-08-09 | It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner… |
| CVE-2014-0115 | High | 7.5 | 2017-10-30 | Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file para… |
| CVE-2026-41081 | Medium | 6.5 | 2026-04-27 | Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description… |
| CVE-2018-11779 | | | 2019-07-25 | In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to d… |
| CVE-2019-0202 | | | 2019-07-25 | The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating… |