Vulnerabilities > CVE-2020-10746 - Unspecified vulnerability in Infinispan Infinispan-Server-Runtime 10.0.0

047910
CVSS 5.6 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
COMPLETE
local
low complexity
infinispan

Summary

A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server.

Vulnerable Configurations

Part Description Count
Application
Infinispan
1