Product:

Data_grid

(Redhat)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 14
Date Id Summary Products Score Patch Annotated
2024-08-21 CVE-2024-7885 A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which... Build_of_apache_camel_\-_hawtio, Build_of_apache_camel_for_spring_boot, Build_of_keycloak, Data_grid, Integration_camel_k, Jboss_enterprise_application_platform, Jboss_fuse, Process_automation, Single_sign\-On 7.5
2020-10-06 CVE-2020-25644 A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability. Oncommand_insight, Oncommand_workflow_automation, Service_level_manager, Data_grid, Jboss_data_grid, Jboss_enterprise_application_platform, Jboss_fuse, Openshift_application_runtimes, Single_sign\-On, Wildfly_openssl 7.5
2020-12-03 CVE-2020-25711 A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role. Infinispan, Active_iq_unified_manager, Data_grid 6.5
2021-05-20 CVE-2021-3536 A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity. Build_of_quarkus, Data_grid, Descision_manager, Integration_camel_k, Integration_camel_quarkus, Integration_service_registry, Jboss_a\-Mq, Jboss_enterprise_application_platform, Wildfly 4.8
2021-08-05 CVE-2021-3642 A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality. Quarkus, Build_of_quarkus, Codeready_studio, Data_grid, Descision_manager, Integration_camel_k, Integration_camel_quarkus, Jboss_enterprise_application_platform, Jboss_enterprise_application_platform_expansion_pack, Jboss_fuse, Openshift_application_runtimes, Process_automation, Wildfly_elytron 5.3
2021-09-21 CVE-2021-31917 A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Infinispan\-Server\-Rest, Data_grid 9.8
2023-10-04 CVE-2023-4586 A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack. Hot_rod, Data_grid 7.4
2023-12-18 CVE-2023-3628 A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions. Infinispan, Data_grid, Jboss_data_grid, Jboss_enterprise_application_platform 6.5
2023-12-18 CVE-2023-3629 A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions. Infinispan, Data_grid, Jboss_data_grid, Jboss_enterprise_application_platform 6.5
2023-12-18 CVE-2023-5236 A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service. Infinispan, Data_grid, Jboss_data_grid 6.5