CVE-2020-25711 - Missing Authorization vulnerability in multiple products

CVSS 6.5 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: HIGH
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, low complexity, infinispan, redhat, netapp, CWE-862

Summary

A flaw was found in the Infinispan 10 REST API, where authorization permissions are not checked when performing some server management operations. When authorization (authz) is enabled, any authenticated user can perform operations such as shutting down the server without having the ADMIN role.

Vulnerable Configurations

Part         Description  Count
Application  Infinispan   217
Application  Redhat       1
Application  Netapp       3

Common Weakness Enumeration (CWE)