CPE-5746AB34-BF0A-469E-9C05-C1EF539E0F90 Detail

CPE Details

Infinispan 5.2.2

Vendor

infinispan

Product

infinispan

Version

5.2.2

Created

2018-06-21
09h51 +00:00

Modified

2018-06-21
09h51 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:infinispan:infinispan:5.2.2:::::::*

Informations

Vendor

infinispan

Product

infinispan

Version

5.2.2

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2020-25711	2020-12-02 23h00 +00:00	A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.	6.5	Medium
CVE-2019-10158	2020-01-02 14h28 +00:00	A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.	9.8	Critical
CVE-2019-10174	2019-11-25 09h26 +00:00	A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.	8.8	High
CVE-2016-0750	2018-09-11 11h00 +00:00	The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.	8.8	High
CVE-2017-2638	2018-07-16 11h00 +00:00	It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.	6.5	Medium
CVE-2017-15089	2018-02-15 17h00 +00:00	It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.	8.8	High

Infinispan 5.2.2

CPE Details

CPE Name: cpe:2.3:a:infinispan:infinispan:5.2.2:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:infinispan:infinispan:5.2.2:::::::*