
CVE-2016-0750

Published: 11/09/2018 Updated: 07/11/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

The Hot Rod Java client in Infinispan prior to 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially crafted serialized object to attain remote code execution or conduct other attacks.

Vulnerable Product

infinispan infinispan

Vendor Advisories

Synopsis: Moderate: Red Hat Single Sign-On 721 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Single Sign-On 721 is now available for download from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability S ...

Synopsis: Important: Red Hat JBoss Data Grid 711 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat JBoss Data Grid 711 is now available for download from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabil ...