Known Vulnerabilities for products from Infinispan
Listed below are 10 of the newest known vulnerabilities associated with the vendor "Infinispan".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-31917 | A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker ... | 9.8 - CRITICAL | 2021-09-21 | 2022-01-11 |
| CVE-2020-25711 | A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server mana... | 6.5 - MEDIUM | 2020-12-03 | 2022-11-10 |
| CVE-2020-10771 | A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using... | 7.1 - HIGH | 2021-06-02 | 2021-11-30 |
| CVE-2020-10746 | A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to contro... | 6.1 - MEDIUM | 2020-10-19 | 2021-10-26 |
| CVE-2019-10174 | A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any... | 8.8 - HIGH | 2019-11-25 | 2022-02-20 |
| CVE-2019-10158 | A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in... | 9.8 - CRITICAL | 2020-01-02 | 2023-12-27 |
| CVE-2018-1131 | Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations.... | 8.8 - HIGH | 2018-05-15 | 2019-10-09 |
| CVE-2017-15089 | It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from ... | 8.8 - HIGH | 2018-02-15 | 2019-06-04 |
| CVE-2017-2638 | It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker coul... | 6.5 - MEDIUM | 2018-07-16 | 2019-10-09 |
| CVE-2016-0750 | The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain even... | 8.8 - HIGH | 2018-09-11 | 2023-11-07 |
Known software with vulnerabilities from Infinispan
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Infinispan | Infinispan | - |