Red Hat Data Grid 8.1.1

CPE Details

Red Hat Data Grid 8.1.1
redhat
data_grid
8.1.1
2021-10-04
13h02 +00:00
2021-10-04
16h11 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:redhat:data_grid:8.1.1:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

data_grid

Version

8.1.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-5384 2023-12-18 13h43 +00:00 A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.
7.2
High
CVE-2023-5236 2023-12-18 13h43 +00:00 A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.
6.5
Medium
CVE-2023-3629 2023-12-18 13h43 +00:00 A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
6.5
Medium
CVE-2023-3628 2023-12-18 13h43 +00:00 A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
6.5
Medium
CVE-2021-31917 2021-09-21 08h33 +00:00 A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
9.8
Critical