CVE-2017-2638 Vulnerability in maven package org.infinispan:infinispan-compatibility-mode-it

Description

It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2017-1097.html

http://www.securityfocus.com/bid/97964

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2638

https://github.com/infinispan/infinispan/pull/4936/commits

https://issues.jboss.org/browse/ISPN-7485

Related Vulnerabilities

CVE-2020-2192 Vulnerability in maven package org.jenkins-ci.plugins:swarm-plugin

CVE-2018-14721 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2016-10680 Vulnerability in npm package adamvr-geoip-lite

CVE-2020-7637 Vulnerability in maven package org.webjars.npm:class-transformer

CVE-2018-25007 Vulnerability in maven package com.vaadin:flow-server

Severity

High

Classification

CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N