Description
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
Vulnerable configurations
Configuration 1: versions before 9.0.0 (exclusive)
cpe:2.3:a:infinispan:infinispan:*:*:*:*:*:*:*:*
Configuration 2
cpe:2.3:a:redhat:jboss_data_grid:7.1:*:*:*:*:*:*:*
EPSS
Percentile: 65%
0.00495
Low
CVSS3: 6.5 Medium
CVSS2: 6.4 Medium
Weaknesses
CWE-306
CWE-287
Related vulnerabilities
CVSS3: 6.5
redhat
almost 9 years ago
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
CVSS3: 6.5
github
more than 3 years ago
Infinispan Rest API Does Not Enforce Auth Constraints