Vulnerabilities > CVE-2020-10746 - Unspecified vulnerability in Infinispan Infinispan-Server-Runtime 10.0.0

CVSS 5.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

COMPLETE

local

low complexity

infinispan

NVD

Published: 2020-10-19

Updated: 2021-10-26

Summary

A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server.

Vulnerable Configurations

Part	Description	Count
Application	Infinispan Infinispan Infinispan Server Runtime 10.0.0	1

References

https://bugzilla.redhat.com/show_bug.cgi?id=1835922