Description
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Decision Manager 7 | infinispan | Not affected | | |
| Red Hat Fuse 7 | camel | Not affected | | |
| Red Hat JBoss Data Virtualization 6 | infinispan | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 6 | infinispan | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 7 | infinispan | Not affected | | |
| Red Hat JBoss Fuse 6 | camel | Not affected | | |
| Red Hat JBoss Fuse Service Works 6 | infinispan | Not affected | | |
| Red Hat JBoss Operations Network 3 | infinispan | Not affected | | |
| Red Hat OpenShift Application Runtimes | infinispan | Not affected | | |
| Red Hat OpenStack Platform 13 (Queens) | opendaylight | Not affected | | |
Additional information
Status: Moderate
Defect: CWE-384
https://bugzilla.redhat.com/show_bug.cgi?id=1714359 infinispan: Session fixation protection broken for Spring Session integration
EPSS: 0.00509 (percentile: 66%, low)
CVSS3: 5.4 Medium
Related vulnerabilities
CVSS3: 9.8
nvd
about 6 years ago
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.
CVSS3: 9.8
github
about 6 years ago
Improper implementation of the session fixation protection in Infinispan