Description
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2017-1097.html
http://www.securityfocus.com/bid/97964
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2638
https://github.com/infinispan/infinispan/pull/4936/commits
https://issues.jboss.org/browse/ISPN-7485
Related Vulnerabilities
CVE-2015-5209 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2021-23820 Vulnerability in npm package json-pointer
CVE-2022-43670 Vulnerability in maven package org.apache.sling:org.apache.sling.cms
CVE-2020-17510 Vulnerability in maven package org.apache.shiro:shiro-spring-boot-web-starter
CVE-2020-2266 Vulnerability in maven package org.jenkins-ci.plugins:description-column-plugin