Vulnerabilities > CVE-2019-10174 - Unsafe Reflection vulnerability in multiple products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

nessus

NVD

Published: 2019-11-25

Updated: 2022-02-20

Summary

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.

Vulnerable Configurations

Part	Description	Count
Application	Infinispan Infinispan Infinispan - Infinispan Infinispan 4.0.0 Infinispan Infinispan 4.1.0 Infinispan Infinispan 4.2.0 Infinispan Infinispan 4.2.1 Infinispan Infinispan 5.0.0 Infinispan Infinispan 5.0.1 Infinispan Infinispan 5.1.0 Infinispan Infinispan 5.1.1 Infinispan Infinispan 5.1.2 Infinispan Infinispan 5.1.3 Infinispan Infinispan 5.1.4 Infinispan Infinispan 5.1.5 Infinispan Infinispan 5.1.6 Infinispan Infinispan 5.1.7 Infinispan Infinispan 5.1.8 Infinispan Infinispan 5.2.0 Infinispan Infinispan 5.2.1 Infinispan Infinispan 5.2.2 Infinispan Infinispan 5.2.3 Infinispan Infinispan 5.2.4 Infinispan Infinispan 5.2.5 Infinispan Infinispan 5.2.6 Infinispan Infinispan 5.2.7 Infinispan Infinispan 5.2.8 Infinispan Infinispan 5.2.9 Infinispan Infinispan 5.2.10 Infinispan Infinispan 5.2.11 Infinispan Infinispan 5.2.12 Infinispan Infinispan 5.2.13 Infinispan Infinispan 5.2.14 Infinispan Infinispan 5.2.15 Infinispan Infinispan 5.2.16 Infinispan Infinispan 5.2.17 Infinispan Infinispan 5.2.18 Infinispan Infinispan 5.2.19 Infinispan Infinispan 5.2.20 Infinispan Infinispan 5.2.21 Infinispan Infinispan 5.2.22 Infinispan Infinispan 5.2.23 Infinispan Infinispan 5.3.0 Infinispan Infinispan 6.0.0 Infinispan Infinispan 6.0.1 Infinispan Infinispan 6.0.2 Infinispan Infinispan 7.0.0 Infinispan Infinispan 7.0.1 Infinispan Infinispan 7.0.2 Infinispan Infinispan 7.0.3 Infinispan Infinispan 7.1.0 Infinispan Infinispan 7.1.1 Infinispan Infinispan 7.2.0 Infinispan Infinispan 7.2.1 Infinispan Infinispan 7.2.2 Infinispan Infinispan 7.2.3 Infinispan Infinispan 7.2.4 Infinispan Infinispan 7.2.5 Infinispan Infinispan 8.0.0 Infinispan Infinispan 8.0.1 Infinispan Infinispan 8.0.2 Infinispan Infinispan 8.1.0 Infinispan Infinispan 8.1.1 Infinispan Infinispan 8.1.2 Infinispan Infinispan 8.1.3 Infinispan Infinispan 8.1.4 Infinispan Infinispan 8.1.5 Infinispan Infinispan 8.1.6 Infinispan Infinispan 8.1.7 Infinispan Infinispan 8.1.8 Infinispan Infinispan 8.1.9 Infinispan Infinispan 8.2.0 Infinispan Infinispan 8.2.1 Infinispan Infinispan 8.2.2 Infinispan Infinispan 8.2.3 Infinispan Infinispan 8.2.4 Infinispan Infinispan 8.2.5 Infinispan Infinispan 8.2.6 Infinispan Infinispan 8.2.7 Infinispan Infinispan 8.2.8 Infinispan Infinispan 8.2.9 Infinispan Infinispan 8.2.10 Infinispan Infinispan 8.2.11 Infinispan Infinispan 9.0.0 Infinispan Infinispan 9.0.1 Infinispan Infinispan 9.0.2 Infinispan Infinispan 9.0.3 Infinispan Infinispan 9.1.0 Infinispan Infinispan 9.1.1 Infinispan Infinispan 9.1.2 Infinispan Infinispan 9.1.3 Infinispan Infinispan 9.1.4 Infinispan Infinispan 9.1.5 Infinispan Infinispan 9.1.6 Infinispan Infinispan 9.1.7 Infinispan Infinispan 9.2.0 Infinispan Infinispan 9.2.1 Infinispan Infinispan 9.2.2 Infinispan Infinispan 9.2.3 Infinispan Infinispan 9.2.4 Infinispan Infinispan 9.2.5 Infinispan Infinispan 9.3.0 Infinispan Infinispan 9.3.6 Infinispan Infinispan 9.3.8 Infinispan Infinispan 9.3.9 Infinispan Infinispan 9.4.0 Infinispan Infinispan 9.4.1 Infinispan Infinispan 9.4.2 Infinispan Infinispan 9.4.3 Infinispan Infinispan 9.4.4 Infinispan Infinispan 9.4.5 Infinispan Infinispan 9.4.6 Infinispan Infinispan 9.4.7 Infinispan Infinispan 9.4.8 Infinispan Infinispan 9.4.9 Infinispan Infinispan 9.4.10 Infinispan Infinispan 9.4.11 Infinispan Infinispan 9.4.12 Infinispan Infinispan 9.4.13 Infinispan Infinispan 9.4.14 Infinispan Infinispan 9.4.15 Infinispan Infinispan 9.4.16	184
Application	Redhat Redhat Fuse 1.0 Redhat Jboss Data Grid - Redhat Jboss Enterprise Application Platform - Redhat Jboss Enterprise Application Platform 7.2 Redhat Openshift Application Runtimes - Redhat Single Sign ON -	6
Application	Netapp Netapp Active IQ Unified Manager -	3
OS	Redhat Redhat Enterprise Linux 6.0 Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 8.0	3

Common Weakness Enumeration (CWE)

CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Nessus

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-2063.NASL
description	The remote Redhat Enterprise Linux 6 / 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2063 advisory. - mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371) - infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-05-15
modified	2020-05-11
plugin id	136479
published	2020-05-11
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136479
title	RHEL 6 / 7 / 8 : Red Hat JBoss Enterprise Application Platform 7.2 (RHSA-2020:2063)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2063. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(136479); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/13"); script_cve_id("CVE-2018-14371", "CVE-2019-10174"); script_xref(name:"RHSA", value:"2020:2063"); script_name(english:"RHEL 6 / 7 / 8 : Red Hat JBoss Enterprise Application Platform 7.2 (RHSA-2020:2063)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 6 / 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2063 advisory. - mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371) - infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/22.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/470.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2063"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2018-14371"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-10174"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1607709"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1703469"); script_set_attribute(attribute:"solution", value: "Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10174"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(22, 470); script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/18"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/11"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:jboss_enterprise_application_platform:7.2"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-glassfish-jsf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-remote"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-client-hotrod"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-commons"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-commons"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-spi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-v53"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) \|\| 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^(6\|7\|8)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 6.x / 7.x / 8.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'eap7-glassfish-jsf-2.3.5-11.SP3_redhat_00009.1.el6eap', 'release':'6', 'el_string':'el6eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-9.3.9-1.Final_redhat_00001.1.el6eap', 'release':'6', 'el_string':'el6eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-cachestore-jdbc-9.3.9-1.Final_redhat_00001.1.el6eap', 'release':'6', 'el_string':'el6eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-cachestore-remote-9.3.9-1.Final_redhat_00001.1.el6eap', 'release':'6', 'el_string':'el6eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-client-hotrod-9.3.9-1.Final_redhat_00001.1.el6eap', 'release':'6', 'el_string':'el6eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-commons-9.3.9-1.Final_redhat_00001.1.el6eap', 'release':'6', 'el_string':'el6eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-core-9.3.9-1.Final_redhat_00001.1.el6eap', 'release':'6', 'el_string':'el6eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-hibernate-cache-commons-9.3.9-1.Final_redhat_00001.1.el6eap', 'release':'6', 'el_string':'el6eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-hibernate-cache-spi-9.3.9-1.Final_redhat_00001.1.el6eap', 'release':'6', 'el_string':'el6eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-hibernate-cache-v53-9.3.9-1.Final_redhat_00001.1.el6eap', 'release':'6', 'el_string':'el6eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-glassfish-jsf-2.3.5-11.SP3_redhat_00009.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-9.3.9-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-cachestore-jdbc-9.3.9-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-cachestore-remote-9.3.9-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-client-hotrod-9.3.9-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-commons-9.3.9-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-core-9.3.9-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-hibernate-cache-commons-9.3.9-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-hibernate-cache-spi-9.3.9-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-hibernate-cache-v53-9.3.9-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-glassfish-jsf-2.3.5-11.SP3_redhat_00009.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-9.3.9-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-cachestore-jdbc-9.3.9-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-cachestore-remote-9.3.9-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-client-hotrod-9.3.9-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-commons-9.3.9-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-core-9.3.9-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-hibernate-cache-commons-9.3.9-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-hibernate-cache-spi-9.3.9-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE}, {'reference':'eap7-infinispan-hibernate-cache-v53-9.3.9-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'eap7-glassfish-jsf / eap7-infinispan / eap7-infinispan-cachestore-jdbc / etc'); }

Redhat

advisories

rhsa
id RHSA-2020:0481
rhsa
id RHSA-2020:0727

rpms

eap7-glassfish-jsf-0:2.3.5-11.SP3_redhat_00009.1.el6eap
eap7-glassfish-jsf-0:2.3.5-11.SP3_redhat_00009.1.el7eap
eap7-glassfish-jsf-0:2.3.5-11.SP3_redhat_00009.1.el8eap
eap7-infinispan-0:9.3.9-1.Final_redhat_00001.1.el6eap
eap7-infinispan-0:9.3.9-1.Final_redhat_00001.1.el7eap
eap7-infinispan-0:9.3.9-1.Final_redhat_00001.1.el8eap
eap7-infinispan-cachestore-jdbc-0:9.3.9-1.Final_redhat_00001.1.el6eap
eap7-infinispan-cachestore-jdbc-0:9.3.9-1.Final_redhat_00001.1.el7eap
eap7-infinispan-cachestore-jdbc-0:9.3.9-1.Final_redhat_00001.1.el8eap
eap7-infinispan-cachestore-remote-0:9.3.9-1.Final_redhat_00001.1.el6eap
eap7-infinispan-cachestore-remote-0:9.3.9-1.Final_redhat_00001.1.el7eap
eap7-infinispan-cachestore-remote-0:9.3.9-1.Final_redhat_00001.1.el8eap
eap7-infinispan-client-hotrod-0:9.3.9-1.Final_redhat_00001.1.el6eap
eap7-infinispan-client-hotrod-0:9.3.9-1.Final_redhat_00001.1.el7eap
eap7-infinispan-client-hotrod-0:9.3.9-1.Final_redhat_00001.1.el8eap
eap7-infinispan-commons-0:9.3.9-1.Final_redhat_00001.1.el6eap
eap7-infinispan-commons-0:9.3.9-1.Final_redhat_00001.1.el7eap
eap7-infinispan-commons-0:9.3.9-1.Final_redhat_00001.1.el8eap
eap7-infinispan-core-0:9.3.9-1.Final_redhat_00001.1.el6eap
eap7-infinispan-core-0:9.3.9-1.Final_redhat_00001.1.el7eap
eap7-infinispan-core-0:9.3.9-1.Final_redhat_00001.1.el8eap
eap7-infinispan-hibernate-cache-commons-0:9.3.9-1.Final_redhat_00001.1.el6eap
eap7-infinispan-hibernate-cache-commons-0:9.3.9-1.Final_redhat_00001.1.el7eap
eap7-infinispan-hibernate-cache-commons-0:9.3.9-1.Final_redhat_00001.1.el8eap
eap7-infinispan-hibernate-cache-spi-0:9.3.9-1.Final_redhat_00001.1.el6eap
eap7-infinispan-hibernate-cache-spi-0:9.3.9-1.Final_redhat_00001.1.el7eap
eap7-infinispan-hibernate-cache-spi-0:9.3.9-1.Final_redhat_00001.1.el8eap
eap7-infinispan-hibernate-cache-v53-0:9.3.9-1.Final_redhat_00001.1.el6eap
eap7-infinispan-hibernate-cache-v53-0:9.3.9-1.Final_redhat_00001.1.el7eap
eap7-infinispan-hibernate-cache-v53-0:9.3.9-1.Final_redhat_00001.1.el8eap

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Redhat

References