Red Hat Data Grid 8.0

CPE Details

Red Hat Data Grid 8.0
redhat
data_grid
8.0
2020-10-07
11h34 +00:00
2021-05-07
12h43 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

data_grid

Version

8.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-5384 2023-12-18 13h43 +00:00 A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.
7.2
High
CVE-2023-5236 2023-12-18 13h43 +00:00 A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.
6.5
Medium
CVE-2023-3629 2023-12-18 13h43 +00:00 A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
6.5
Medium
CVE-2023-3628 2023-12-18 13h43 +00:00 A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
6.5
Medium
CVE-2021-3642 2021-08-05 18h48 +00:00 A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
5.3
Medium
CVE-2020-10771 2021-06-02 09h02 +00:00 A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack.
7.1
High
CVE-2021-3536 2021-05-20 10h15 +00:00 A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.
4.8
Medium
CVE-2020-25711 2020-12-02 23h00 +00:00 A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.
6.5
Medium
CVE-2020-25644 2020-10-05 22h00 +00:00 A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.
7.5
High