Vulmon
infinispan infinispan vulnerabilities and exploits
CVE-2021-31917 (CVSSv2 7.5)
A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 up to and including 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability ...
Affected: Infinispan infinispan-server-rest; Red Hat Data Grid 8.0.0, 8.0.1, 8.1.0, 8.1.1
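The entry says only that DIGEST authentication could be bypassed on every REST endpoint, not why. The check a practitioner wants is that the server refuses any request whose Digest response does not verify end to end. The block below is an added example, not Infinispan's or Red Hat's code: a minimal RFC 2617 Digest (qop=auth, MD5) client and server-side verifier over a constructed user store. The realm name, the credentials and the request path are assumptions of the example.

```python
import hashlib
import hmac
import re
import secrets

REALM = "infinispan"  # assumed realm name; any string works


def md5hex(s):
    return hashlib.md5(s.encode()).hexdigest()


# The server stores HA1 = MD5(user:realm:password), not the password (RFC 2617 3.2.2.2).
def ha1(user, password, realm=REALM):
    return md5hex(f"{user}:{realm}:{password}")


USERS = {"admin": ha1("admin", "example-password")}  # constructed credentials


def make_challenge():
    """Server side: issue a fresh nonce and the WWW-Authenticate header carrying it."""
    nonce = secrets.token_hex(16)
    return nonce, f'Digest realm="{REALM}", qop="auth", nonce="{nonce}"'


_KV = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')


def parse_authorization(header):
    """Split an Authorization: Digest header into key/value pairs; None if not Digest."""
    if not header or not header.lower().startswith("digest "):
        return None
    return {k: (q if q else u) for k, q, u in _KV.findall(header[7:])}


def client_response(user, password, method, uri, nonce, nc="00000001", cnonce=None):
    """Client side: the Authorization header a legitimate client sends for qop=auth."""
    cnonce = cnonce or secrets.token_hex(8)
    ha2 = md5hex(f"{method}:{uri}")
    response = md5hex(f"{ha1(user, password)}:{nonce}:{nc}:{cnonce}:auth:{ha2}")
    return (f'Digest username="{user}", realm="{REALM}", nonce="{nonce}", uri="{uri}", '
            f'qop=auth, nc={nc}, cnonce="{cnonce}", response="{response}"')


def authorize(method, uri, header, issued_nonces):
    """Server side: return (status, username). Anything short of a fully valid
    Digest response is 401 and must never reach the endpoint handler."""
    creds = parse_authorization(header)
    if creds is None:
        return 401, None
    if not {"username", "nonce", "uri", "response", "nc", "cnonce"}.issubset(creds):
        return 401, None
    if creds.get("qop") != "auth" or creds["uri"] != uri:
        return 401, None
    if creds["nonce"] not in issued_nonces:  # unknown, expired or already used nonce
        return 401, None
    stored_ha1 = USERS.get(creds["username"])
    if stored_ha1 is None:
        return 401, None
    ha2 = md5hex(f"{method}:{uri}")  # the method is bound into the hash
    expected = md5hex(f"{stored_ha1}:{creds['nonce']}:{creds['nc']}:{creds['cnonce']}:auth:{ha2}")
    if not hmac.compare_digest(expected, creds["response"]):
        return 401, None
    issued_nonces.discard(creds["nonce"])  # single-use nonce: a replayed header fails
    return 200, creds["username"]
```

Treating the nonce as single-use is stricter than the RFC's nonce-count scheme but simpler to get right; what matters for the flaw described above is that a missing, partial or miscomputed response is rejected before dispatch.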
CVE-2019-10158 (CVSSv2 7.5)
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.
Affected: Infinispan; Red Hat JBoss Data Grid 7.0.0
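Session fixation protection means the session identifier the user held before authenticating is retired at login and a fresh one issued, so an identifier an attacker planted never becomes an authenticated session. The block below is an added example, not the Infinispan Spring Session integration: a constructed in-memory store whose `authenticate` can run with or without rotation, and a scenario function that reports whether fixation works against each variant.

```python
import secrets


class SessionStore:
    """In-memory session store, constructed for this example."""

    def __init__(self):
        self.sessions = {}  # session id -> {"user": None | str, "attrs": dict}

    def new_session(self):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None, "attrs": {}}
        return sid

    def get(self, sid):
        return self.sessions.get(sid)

    def authenticate(self, sid, user, rotate=True):
        """Bind `user` to the session and return the id the client must use next.
        rotate=True retires the pre-login id and issues a fresh one (the protection);
        rotate=False keeps whatever id the caller arrived with (the flawed behaviour)."""
        session = self.sessions.get(sid)
        if session is None:
            raise KeyError("unknown session id")
        if not rotate:
            session["user"] = user
            return sid
        del self.sessions[sid]
        new_sid = secrets.token_urlsafe(32)
        self.sessions[new_sid] = {"user": user, "attrs": session["attrs"]}  # keep pre-login state
        return new_sid


def fixation_succeeds(rotate):
    """Fixation scenario: the attacker obtains a session id, plants it on the victim
    (crafted link, injected cookie), and the victim logs in with it. Returns True if
    the id the attacker knows now resolves to the victim's authenticated session."""
    store = SessionStore()
    attacker_sid = store.new_session()
    store.authenticate(attacker_sid, "victim", rotate=rotate)
    session = store.get(attacker_sid)  # attacker replays the id they planted
    return session is not None and session["user"] == "victim"
```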
CVE-2019-10174 (CVSSv2 6.5)
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious be...
Affected: Infinispan; Red Hat Fuse 1.0; Red Hat JBoss Data Grid; Red Hat JBoss Enterprise Application Platform, including 7.2; Red Hat OpenShift Application Runtimes; Red Hat Single Sign-On; NetApp Active IQ Unified Manager
CVE-2020-10771 (CVSSv2 5.8)
A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows a malicious user to perform a cross-site request forgery (CSRF) attack.
Affected: Infinispan infinispan-server-rest 10.0.0; Red Hat Data Grid 8.0; NetApp OnCommand Insight
CVE-2020-10746 (CVSSv2 5.6)
A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creatio...
Affected: Infinispan infinispan-server-runtime 10.0.0
CVE-2021-3637 (CVSSv2 5)
A flaw was found in keycloak-model-infinispan in Keycloak versions prior to 14.0.0, where the authenticationSessions map in RootAuthenticationSessionEntity grows without bound, which could lead to a denial of service (DoS).
Affected: Red Hat Keycloak; Red Hat Single Sign-On 7.0
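A map that grows once per browser tab, request or retry with no upper bound lets one unauthenticated client fill the heap. The block below is an added example, not Keycloak's entity or its fix: a constructed root session whose per-tab map is bounded by a hard cap and an age limit, evicting expired entries first and the oldest live entry after that. The cap, the expiry and the field names are this example's choices.

```python
import time
from collections import OrderedDict


class RootAuthenticationSession:
    """Root session holding one authentication session per browser tab (constructed)."""

    def __init__(self, max_auth_sessions=20, max_age_seconds=1800, clock=time.time):
        self.max_auth_sessions = max_auth_sessions  # assumed cap
        self.max_age_seconds = max_age_seconds      # assumed idle lifetime
        self.clock = clock                          # injectable for testing
        self.authentication_sessions = OrderedDict()  # tab id -> session dict, insertion ordered

    def _expire(self):
        cutoff = self.clock() - self.max_age_seconds
        stale = [t for t, s in self.authentication_sessions.items() if s["created"] < cutoff]
        for tab_id in stale:
            del self.authentication_sessions[tab_id]

    def create_authentication_session(self, tab_id, client_id):
        """Add or refresh the session for tab_id and return the map size.
        The map never exceeds max_auth_sessions: expired entries are dropped first,
        then the oldest live entry is evicted to make room."""
        self._expire()
        if tab_id in self.authentication_sessions:
            self.authentication_sessions.move_to_end(tab_id)
        elif len(self.authentication_sessions) >= self.max_auth_sessions:
            self.authentication_sessions.popitem(last=False)
        self.authentication_sessions[tab_id] = {"created": self.clock(), "client_id": client_id}
        return len(self.authentication_sessions)

    def size(self):
        return len(self.authentication_sessions)
```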
CVE-2020-25711 (CVSSv2 4.9)
A flaw was found in the Infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authorization is enabled, any authenticated user can perform operations such as shutting down the server without the ADMIN role.
Affected: Infinispan; Red Hat Data Grid 8.0; NetApp Active IQ Unified Manager
CVE-2023-3628 (CVSSv2: NA)
A flaw was found in Infinispan's REST API. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Affected: Red Hat JBoss Data Grid; Red Hat JBoss Enterprise Application Platform 6; Red Hat Data Grid; Infinispan
CVE-2023-3629 (CVSSv2: NA)
A flaw was found in Infinispan's REST API. Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Affected: Red Hat Data Grid; Red Hat JBoss Data Grid; Red Hat JBoss Enterprise Application Platform 6; Infinispan
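Four of the entries above share one failure pattern: the REST layer authenticated the caller but either dispatched a state-changing action on a GET (CVE-2020-10771, CSRF) or skipped the per-operation permission check (CVE-2020-25711 for server management, CVE-2023-3628 for bulk reads, CVE-2023-3629 for cache retrieval needing admin rights). The block below is an added example, not Infinispan's REST code: a single gate that every request passes through before a handler runs. The permission names follow Infinispan's vocabulary (READ, BULK_READ, BULK_WRITE, ADMIN, ALL); the paths, the `?action=` values and the mapping from route to permission are illustrative assumptions, not a transcript of the real API.

```python
import re
from urllib.parse import parse_qs, urlsplit

ROUTES = [
    # (method, path pattern, ?action value, permission the caller must hold)
    ("GET",  r"/rest/v2/caches/[^/]+/[^/]+", None,      "READ"),        # one key
    ("GET",  r"/rest/v2/caches/[^/]+",       "entries", "BULK_READ"),   # whole cache
    ("GET",  r"/rest/v2/caches/[^/]+",       "config",  "ADMIN"),       # admin-only retrieval
    ("POST", r"/rest/v2/caches/[^/]+",       "clear",   "BULK_WRITE"),
    ("POST", r"/rest/v2/server",             "stop",    "ADMIN"),       # server management
]
SIDE_EFFECT_ACTIONS = {"clear", "stop"}  # actions that change state


def required_permission(method, path, action):
    """Look up the permission a route demands; None means no such route."""
    for m, pattern, act, perm in ROUTES:
        if m == method and act == action and re.fullmatch(pattern, path):
            return perm
    return None


def gate(method, url, principal):
    """Decide a request before any handler runs. `principal` is None for an
    anonymous caller or {"name": ..., "permissions": set()} after authentication.
    Returns the HTTP status the gate answers with; 200 means dispatch."""
    parts = urlsplit(url)
    action = parse_qs(parts.query).get("action", [None])[0]
    if principal is None:
        return 401                                   # authentication comes first
    if method == "GET" and action in SIDE_EFFECT_ACTIONS:
        return 405                                   # state changes never ride on GET
    perm = required_permission(method, parts.path, action)
    if perm is None:
        return 404
    held = principal["permissions"]
    if perm not in held and "ALL" not in held:
        return 403                                   # authenticated is not authorized
    return 200
```

The two checks are deliberately separate: refusing side effects on GET closes the CSRF vector for any caller, and the permission lookup is keyed on the exact operation, so a bulk read is not granted on the strength of a READ permission and a server stop is not granted merely because the caller authenticated.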
CVE-2023-5236 (CVSSv2: NA)
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of...
Affected: Red Hat Data Grid; Red Hat JBoss Data Grid; Infinispan
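An unmarshaller that follows object references without tracking the path it is on will expand a cycle forever, and even an acyclic graph with enough shared subtrees expands exponentially when materialised as a tree. The block below is an added example, not Infinispan's marshalling code: it unmarshals a constructed reference-based wire format (records with `id`, `value` and `refs`, an assumption of the example) while rejecting circular references and capping total expansion, so both the cyclic and the fan-out payloads fail fast instead of exhausting memory.

```python
class UnmarshalError(ValueError):
    pass


def unmarshal(records, root_id, max_nodes=10_000):
    """Materialise the graph rooted at root_id into nested dicts.

    `records` is a constructed wire form: a list of {"id", "value", "refs"} where
    refs name other ids. A reference back to a node still being resolved is a cycle
    and is rejected; so is a graph whose expansion exceeds max_nodes."""
    by_id = {r["id"]: r for r in records}
    on_path = set()   # ids on the current root-to-node resolution path
    expanded = 0

    def build(node_id):
        nonlocal expanded
        if node_id in on_path:
            raise UnmarshalError(f"circular reference through node {node_id}")
        record = by_id.get(node_id)
        if record is None:
            raise UnmarshalError(f"dangling reference to node {node_id}")
        expanded += 1
        if expanded > max_nodes:
            raise UnmarshalError(f"object graph expands beyond {max_nodes} nodes")
        on_path.add(node_id)
        try:
            return {"value": record["value"],
                    "children": [build(child) for child in record.get("refs", [])]}
        finally:
            on_path.discard(node_id)  # leaving the node: siblings may reference it again

    return build(root_id)


def is_safe_to_unmarshal(records, root_id, max_nodes=10_000):
    """True if unmarshal completes within the limits, False if it is rejected."""
    try:
        unmarshal(records, root_id, max_nodes)
        return True
    except UnmarshalError:
        return False


# Constructed payloads: a well-formed tree with one shared leaf, a two-node cycle,
# a self-reference, and an acyclic 30-level diamond chain that would expand to
# about 2**30 nodes if followed blindly.
TREE = [{"id": 1, "value": "root", "refs": [2, 3]},
        {"id": 2, "value": "a", "refs": []},
        {"id": 3, "value": "b", "refs": [2]}]
CYCLE = [{"id": 1, "value": "root", "refs": [2]},
         {"id": 2, "value": "loop", "refs": [1]}]
SELF_REF = [{"id": 1, "value": "me", "refs": [1]}]
BLOWUP = [{"id": i, "value": i, "refs": [i + 1, i + 1]} for i in range(30)] + \
         [{"id": 30, "value": 30, "refs": []}]
```

The path set catches cycles; the expansion counter is what protects against the non-cyclic case, which a cycle check alone would miss.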