CRITICAL🇵🇱 Wersja polska

CVE-2021-31917

CVSS 9.8v3.1pub. 2021-09-21upd. 2024-11-21

A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Infinispan Server Rest

    APP
    Infinispan
    10.0.0 – 11.0.12 (bez)12.0.0 – 12.1.4 (bez)
  • Red Hat Data Grid

    APP
    Redhat
    8.0.08.0.18.1.08.1.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2025-12543CRITICAL9.6PL ✓ten sam produkt

Brak walidacji nagłówka Host w serwerze Undertow HTTP

CVE-2015-7501CRITICAL9.8ten sam produkt

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV)...

CVE-2026-28367HIGH8.7ten sam produkt

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header...

CVE-2026-28368HIGH8.7ten sam produkt

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted reque...

CVE-2026-28369HIGH8.7ten sam produkt

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with o...