Vulnerabilities > Redhat > Data Grid
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-18 | CVE-2023-3628 | A flaw was found in Infinispan's REST. | 6.5 |
| 2023-12-18 | CVE-2023-3629 | A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. | 6.5 |
| 2023-12-18 | CVE-2023-5236 | A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. | 6.5 |
| 2023-12-18 | CVE-2023-5384 | Cleartext Storage of Sensitive Information vulnerability in multiple products A flaw was found in Infinispan. | 2.7 |
| 2023-10-04 | CVE-2023-4586 | Improper Certificate Validation vulnerability in multiple products A vulnerability was found in the Hot Rod client. | 7.4 |
| 2021-09-21 | CVE-2021-31917 | Improper Authentication vulnerability in multiple products A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). | 7.5 |
| 2021-08-05 | CVE-2021-3642 | Information Exposure Through Discrepancy vulnerability in multiple products A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. | 3.5 |
| 2021-06-02 | CVE-2020-10771 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. | 5.8 |
| 2021-05-20 | CVE-2021-3536 | Cross-site Scripting vulnerability in Redhat products A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. | 3.5 |
| 2020-12-03 | CVE-2020-25711 | Missing Authorization vulnerability in multiple products A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. | 6.5 |