Vulnerabilities > CVE-2023-3628

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

redhat

infinispan

NVD

Published: 2023-12-18

Updated: 2024-09-16

Summary

A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Jboss Data Grid - Redhat Jboss Enterprise Application Platform 6 Redhat Data Grid 6.0.0 Redhat Data Grid 7.3.4 Redhat Data Grid 8.0 Redhat Data Grid 8.0.0 Redhat Data Grid 8.0.1 Redhat Data Grid 8.1.0 Redhat Data Grid 8.1.1	9
Application	Infinispan Infinispan Infinispan -	1

References

https://access.redhat.com/errata/RHSA-2023:5396
https://access.redhat.com/security/cve/CVE-2023-3628
https://bugzilla.redhat.com/show_bug.cgi?id=2217924

Vulnerabilities > CVE-2023-3628 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2023-3628"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2023-3628