Vulnerabilities > Infinispan > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-18 | CVE-2023-3628 | A flaw was found in Infinispan's REST. | 6.5 |
| 2023-12-18 | CVE-2023-3629 | A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. | 6.5 |
| 2023-12-18 | CVE-2023-5236 | A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. | 6.5 |
| 2020-12-03 | CVE-2020-25711 | Missing Authorization vulnerability in multiple products A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. | 6.5 |
| 2020-10-19 | CVE-2020-10746 | Unspecified vulnerability in Infinispan Infinispan-Server-Runtime 10.0.0 A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. | 6.1 |
| 2018-07-16 | CVE-2017-2638 | Improper Authentication vulnerability in multiple products It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. | 6.5 |