DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-18 | CVE-2023-3628 | A flaw was found in Infinispan's REST. | 6.5 |
2023-12-18 | CVE-2023-3629 | A flaw was found in Infinispan's REST. Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. | 6.5 |
2023-12-18 | CVE-2023-5236 | A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. | 6.5 |
2023-12-18 | CVE-2023-5384 | Cleartext Storage of Sensitive Information vulnerability in multiple products. A flaw was found in Infinispan. | 2.7 |
2020-12-03 | CVE-2020-25711 | Missing Authorization vulnerability in multiple products. A flaw was found in Infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. | 6.5 |
2020-01-02 | CVE-2019-10158 | Session Fixation vulnerability in multiple products. A flaw was found in Infinispan through version 9.4.14.Final. | 9.8 |
2019-11-25 | CVE-2019-10174 | Unsafe Reflection vulnerability in multiple products. A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. | 6.5 |
2018-09-11 | CVE-2016-0750 | Deserialization of Untrusted Data vulnerability in Infinispan. The Hot Rod Java client in Infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. | 8.8 |
2018-07-16 | CVE-2017-2638 | Improper Authentication vulnerability in multiple products. It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. | 6.4 |
2018-05-15 | CVE-2018-1131 | Deserialization of Untrusted Data vulnerability in multiple products. Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. | 6.5 |