HIGH🇵🇱 Wersja polska

CVE-2017-15089

CVSS 8.8v3.0pub. 2018-02-15upd. 2024-11-21

It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Infinispan

    APP
    Infinispan
    9.2.0≤ 9.1.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Deserialization
CWE
References

Related vulnerabilities

CVE-2019-10158CRITICAL9.8ten sam produkt

A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixatio...

CVE-2023-5384HIGH7.2ten sam produkt

A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contain...

CVE-2019-10174HIGH8.8ten sam produkt

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class Reflection...

CVE-2018-1131HIGH8.8ten sam produkt

Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server ...

CVE-2025-5731MEDIUM5.5ten sam produkt

A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is ...