CRITICAL🇬🇧 English

CVE-2021-31917

CVSS 9.8v3.1pub. 2021-09-21upd. 2024-11-21

A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Infinispan Server Rest

    APP
    Infinispan
    10.0.0 – 11.0.12 (bez)12.0.0 – 12.1.4 (bez)
  • Red Hat Data Grid

    APP
    Redhat
    8.0.08.0.18.1.08.1.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2025-12543CRITICAL9.6PL ✓ten sam produkt

Brak walidacji nagłówka Host w serwerze Undertow HTTP

CVE-2015-7501CRITICAL9.8ten sam produkt

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV)...

CVE-2026-28367HIGH8.7ten sam produkt

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header...

CVE-2026-28368HIGH8.7ten sam produkt

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted reque...

CVE-2026-28369HIGH8.7ten sam produkt

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with o...

CVE-2021-31917 — CRITICAL 9.8 | CVEbaza.pl