Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Data_grid
(Redhat)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-08-05 | CVE-2021-3642 | A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality. | Quarkus, Build_of_quarkus, Codeready_studio, Data_grid, Descision_manager, Integration_camel_k, Integration_camel_quarkus, Jboss_enterprise_application_platform, Jboss_enterprise_application_platform_expansion_pack, Jboss_fuse, Openshift_application_runtimes, Process_automation, Wildfly_elytron | 5.3 | ||
| 2021-09-21 | CVE-2021-31917 | A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | Infinispan\-Server\-Rest, Data_grid | 9.8 | ||
| 2023-10-04 | CVE-2023-4586 | A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack. | Hot_rod, Data_grid | 7.4 | ||
| 2023-12-18 | CVE-2023-3628 | A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions. | Infinispan, Data_grid, Jboss_data_grid, Jboss_enterprise_application_platform | 6.5 | ||
| 2023-12-18 | CVE-2023-3629 | A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions. | Infinispan, Data_grid, Jboss_data_grid, Jboss_enterprise_application_platform | 6.5 | ||
| 2023-12-18 | CVE-2023-5236 | A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service. | Infinispan, Data_grid, Jboss_data_grid | 6.5 | ||
| 2023-12-18 | CVE-2023-5384 | A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration. | Infinispan, Data_grid, Jboss_data_grid | 2.7 | ||
| 2017-11-09 | CVE-2015-7501 | Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache... | Data_grid, Jboss_a\-Mq, Jboss_bpm_suite, Jboss_data_virtualization, Jboss_enterprise_application_platform, Jboss_enterprise_brms_platform, Jboss_enterprise_soa_platform, Jboss_enterprise_web_server, Jboss_fuse, Jboss_fuse_service_works, Jboss_operations_network, Jboss_portal, Openshift, Subscription_asset_manager, Xpaas | 9.8 | ||
| 2021-06-02 | CVE-2020-10771 | A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack. | Infinispan\-Server\-Rest, Oncommand_insight, Data_grid | 7.1 | ||
| 2019-10-14 | CVE-2019-14838 | A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server | Data_grid, Jboss_enterprise_application_platform, Single_sign\-On, Wildfly_core | 4.9 |