CRITICAL✓ PATCH🇬🇧 English

CVE-2019-10158

CVSS 9.8v3.1pub. 2020-01-02upd. 2024-11-21

A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Infinispan

    APP
    Infinispan
    ≤ 9.4.14
  • Red Hat Jboss Data Grid

    APP
    Redhat
    7.0.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2019-14887CRITICAL9.1ten sam produkt

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the ...

CVE-2019-14892CRITICAL9.8ten sam produkt

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would perm...

CVE-2019-10212CRITICAL9.8ten sam produkt

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled,...

CVE-2019-3888CRITICAL9.8ten sam produkt

A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credenti...

CVE-2023-5384HIGH7.2ten sam produkt

A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contain...