Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
infinispan infinispan vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-31917
A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 up to and including 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability ...
Redhat Data Grid 8.0.0
Redhat Data Grid 8.0.1
Redhat Data Grid 8.1.0
Redhat Data Grid 8.1.1
Infinispan Infinispan-server-rest
9.8
CVSSv3
CVE-2019-10158
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.
Infinispan Infinispan
Redhat Jboss Data Grid 7.0.0
8.8
CVSSv3
CVE-2019-10174
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious be...
Infinispan Infinispan
Redhat Single Sign-on -
Redhat Jboss Enterprise Application Platform -
Redhat Jboss Data Grid -
Redhat Openshift Application Runtimes -
Redhat Fuse 1.0
Redhat Jboss Enterprise Application Platform 7.2
Netapp Active Iq Unified Manager -
7.5
CVSSv3
CVE-2021-3637
A flaw was found in keycloak-model-infinispan in keycloak versions prior to 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack.
Redhat Single Sign-on 7.0
Redhat Keycloak
7.4
CVSSv3
CVE-2023-4586
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.
Redhat Data Grid 8.0.0
Infinispan Hot Rod -
2 Github repositories
7.1
CVSSv3
CVE-2020-10771
A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an malicious user to perform a cross-site request forgery (CSRF) attack.
Infinispan Infinispan-server-rest 10.0.0
Redhat Data Grid 8.0
Netapp Oncommand Insight -
6.5
CVSSv3
CVE-2023-5236
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of...
Redhat Data Grid
Redhat Jboss Data Grid -
Infinispan Infinispan -
6.5
CVSSv3
CVE-2023-3628
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Redhat Jboss Data Grid -
Redhat Jboss Enterprise Application Platform 6
Redhat Data Grid
Infinispan Infinispan -
6.5
CVSSv3
CVE-2023-3629
A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Redhat Data Grid
Redhat Jboss Data Grid -
Redhat Jboss Enterprise Application Platform 6
Infinispan Infinispan -
6.5
CVSSv3
CVE-2020-25711
A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.
Infinispan Infinispan
Redhat Data Grid 8.0
Netapp Active Iq Unified Manager -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »