Known Vulnerabilities for products from Infinispan
Listed below are 15 of the newest known vulnerabilities associated with the vendor "Infinispan".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-6857 | Not Provided | 2026-04-22 | 2026-04-22 | |
| CVE-2023-5384 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 2.7 - LOW | 2023-12-18 | 2024-01-25 |
| CVE-2023-5236 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2023-12-18 | 2024-01-25 |
| CVE-2023-4586 | A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname va... | 7.4 - HIGH | 2023-10-04 | 2023-12-06 |
| CVE-2023-3629 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2023-12-18 | 2024-01-25 |
| CVE-2023-3628 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2023-12-18 | 2024-01-25 |
| CVE-2021-31917 | A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker ... | 9.8 - CRITICAL | 2021-09-21 | 2022-01-11 |
| CVE-2020-25711 | A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server mana... | 6.5 - MEDIUM | 2020-12-03 | 2022-11-10 |
| CVE-2020-10771 | A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using... | 7.1 - HIGH | 2021-06-02 | 2021-11-30 |
| CVE-2020-10746 | A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to contro... | 6.1 - MEDIUM | 2020-10-19 | 2021-10-26 |
| CVE-2019-10174 | A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any... | 8.8 - HIGH | 2019-11-25 | 2022-02-20 |
| CVE-2019-10158 | A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in... | 9.8 - CRITICAL | 2020-01-02 | 2023-12-27 |
| CVE-2018-1131 | Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations.... | 8.8 - HIGH | 2018-05-15 | 2019-10-09 |
| CVE-2017-15089 | It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from ... | 8.8 - HIGH | 2018-02-15 | 2019-06-04 |
| CVE-2017-2638 | It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker coul... | 6.5 - MEDIUM | 2018-07-16 | 2019-10-09 |
| CVE-2016-0750 | The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain even... | 8.8 - HIGH | 2018-09-11 | 2023-11-07 |
Known software with vulnerabilities from Infinispan
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Infinispan | Infinispan | - |