Vulnerabilities > Redhat > Data Grid

DATE CVE VULNERABILITY TITLE RISK
2024-08-21 CVE-2024-7885 Unspecified vulnerability in Redhat products
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests.
network
low complexity
redhat
7.5
2023-12-18 CVE-2023-3628 A flaw was found in Infinispan's REST.
network
low complexity
redhat infinispan
6.5
2023-12-18 CVE-2023-3629 A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation.
network
low complexity
redhat infinispan
6.5
2023-12-18 CVE-2023-5236 A flaw was found in Infinispan, which does not detect circular object references when unmarshalling.
network
low complexity
redhat infinispan
6.5
2023-12-18 CVE-2023-5384 Cleartext Storage of Sensitive Information vulnerability in multiple products
A flaw was found in Infinispan.
network
low complexity
redhat infinispan CWE-312
2.7
2023-10-04 CVE-2023-4586 Improper Certificate Validation vulnerability in multiple products
A vulnerability was found in the Hot Rod client.
network
high complexity
redhat infinispan CWE-295
7.4
2021-09-21 CVE-2021-31917 Improper Authentication vulnerability in multiple products
A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0).
network
low complexity
redhat infinispan CWE-287
critical
9.8
2021-08-05 CVE-2021-3642 A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled.
network
high complexity
redhat quarkus
5.3
2021-06-02 CVE-2020-10771 A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests.
network
low complexity
infinispan redhat netapp
7.1
2021-05-20 CVE-2021-3536 Cross-site Scripting vulnerability in Redhat products
A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS.
network
low complexity
redhat CWE-79
4.8