Description
A flaw was found in the Infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authorization (authz) is enabled, any authenticated user can perform operations such as shutting down the server without holding the ADMIN role.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1897618
https://security.netapp.com/advisory/ntap-20220210-0023/