Infinispan 9.2.0 Beta 1

CPE Details

Infinispan 9.2.0 Beta 1
infinispan
infinispan
9.2.0
2018-06-21
09h52 +00:00
2018-06-21
09h52 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:infinispan:infinispan:9.2.0:beta1:*:*:*:*:*:*

Informations

Vendor

infinispan

Product

infinispan

Version

9.2.0

Update

beta1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-25711 2020-12-02 23h00 +00:00 A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.
6.5
Medium
CVE-2019-10158 2020-01-02 14h28 +00:00 A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.
9.8
Critical
CVE-2019-10174 2019-11-25 09h26 +00:00 A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.
8.8
High
CVE-2017-15089 2018-02-15 17h00 +00:00 It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
8.8
High