CVE-2021-31917
Summary
| CVE | CVE-2021-31917 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-09-21 11:15:00 UTC |
| Updated | 2022-01-11 16:21:00 UTC |
| Description | A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
Risk And Classification
Problem Types: CWE-287
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Infinispan | Infinispan | All | All | All | All |
| Application | Infinispan | Infinispan-server-rest | All | All | All | All |
| Application | Infinispan | Infinispan-server-rest | All | All | All | All |
| Application | Redhat | Data Grid | 8.0.0 | All | All | All |
| Application | Redhat | Data Grid | 8.0.1 | All | All | All |
| Application | Redhat | Data Grid | 8.1.0 | All | All | All |
| Application | Redhat | Data Grid | 8.1.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.