Description
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2017-1097.html
http://www.securityfocus.com/bid/97964
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2638
https://github.com/infinispan/infinispan/pull/4936/commits
https://issues.jboss.org/browse/ISPN-7485
Related Vulnerabilities
CVE-2022-38179 Vulnerability in maven package io.ktor:ktor-utils
CVE-2019-0232 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2019-10753 Vulnerability in maven package com.diffplug.spotless:spotless-eclipse-wtp
CVE-2017-12962 Vulnerability in npm package node-sass
CVE-2022-31367 Vulnerability in npm package strapi-plugin-content-manager