High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-04	CVE-2023-4586	Improper Certificate Validation vulnerability in multiple products A vulnerability was found in the Hot Rod client. network high complexity redhat infinispan CWE-295	7.4
2021-06-02	CVE-2020-10771	A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. network low complexity infinispan redhat netapp	7.1
2019-11-25	CVE-2019-10174	Unsafe Reflection vulnerability in multiple products A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. network low complexity infinispan redhat netapp CWE-470	8.8
2018-09-11	CVE-2016-0750	Deserialization of Untrusted Data vulnerability in Infinispan The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. network low complexity infinispan CWE-502	8.8
2018-05-15	CVE-2018-1131	Deserialization of Untrusted Data vulnerability in multiple products Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. network low complexity infinispan redhat CWE-502	8.8
2018-02-15	CVE-2017-15089	Deserialization of Untrusted Data vulnerability in Infinispan It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. network low complexity infinispan CWE-502	8.8