CVE-2021-31917

Published: Sep 21, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected (6)

Products: Infinispan: Infinispan Server Rest · Redhat: Data Grid

Infinispan

1 product

Infinispan Server Rest

Redhat

1 product

Data Grid

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Infinispan Infinispan Server Rest	From 10.0.0 to 11.0.12
Infinispan Infinispan Server Rest	From 12.0.0 to 12.1.4
Redhat Data Grid	Version 8.0.0
Redhat Data Grid	Version 8.0.1
Redhat Data Grid	Version 8.1.0
Redhat Data Grid	Version 8.1.1

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://access.redhat.com/security/cve/cve-2021-31917

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/security/cve/cve-2021-31917

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.