CVEs (12)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
2Infinispan Redhat4Data Grid InfinispanJboss Enterprise Application Platform+1 moreJan 8, 2026 Jun 26, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a co...Show more |
2Infinispan Redhat3Data Grid InfinispanJboss Data GridNov 21, 2024 Dec 18, 2023 N/A· v4 2.7 LOW· v3 N/A· v2 A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text a...Show more |
2Infinispan Redhat3Data Grid InfinispanJboss Data GridSep 25, 2025 Dec 18, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and...Show more |
2Infinispan Redhat4Data Grid InfinispanJboss Data Grid+1 moreNov 21, 2024 Dec 18, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of t...Show more |
2Infinispan Redhat4Data Grid InfinispanJboss Data Grid+1 moreNov 21, 2024 Dec 18, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permiss...Show more |
3Infinispan NetappRedhat3Active Iq Unified Manager Data GridInfinispanNov 21, 2024 Dec 3, 2020 N/A· v4 6.5 MEDIUM· v3 4.9 MEDIUM· v2 A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations l...Show more |
2Infinispan Redhat2Infinispan Jboss Data GridNov 21, 2024 Jan 2, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling. |
3Infinispan NetappRedhat7Active Iq Unified Manager FuseInfinispan+4 moreNov 21, 2024 Nov 25, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The att...Show more |
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object...Show more |
2Infinispan Redhat2Infinispan Jboss Data GridNov 21, 2024 Jul 16, 2018 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name. |
2Infinispan Redhat2Infinispan Jboss Data GridNov 21, 2024 May 15, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache config...Show more |
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and at...Show more |