Product:

Data_grid

(Redhat)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 13
Date Id Summary Products Score Patch Annotated
2020-10-06 CVE-2020-25644 A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability. Oncommand_insight, Oncommand_workflow_automation, Service_level_manager, Data_grid, Jboss_data_grid, Jboss_enterprise_application_platform, Jboss_fuse, Openshift_application_runtimes, Single_sign\-On, Wildfly_openssl 7.5
2017-11-09 CVE-2015-7501 Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache... Data_grid, Jboss_a\-Mq, Jboss_bpm_suite, Jboss_data_virtualization, Jboss_enterprise_application_platform, Jboss_enterprise_brms_platform, Jboss_enterprise_soa_platform, Jboss_enterprise_web_server, Jboss_fuse, Jboss_fuse_service_works, Jboss_operations_network, Jboss_portal, Openshift, Subscription_asset_manager, Xpaas 9.8
2023-12-18 CVE-2023-3628 A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions. Infinispan, Data_grid, Jboss_data_grid, Jboss_enterprise_application_platform 6.5
2023-12-18 CVE-2023-3629 A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions. Infinispan, Data_grid, Jboss_data_grid, Jboss_enterprise_application_platform 6.5
2023-12-18 CVE-2023-5236 A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service. Infinispan, Data_grid, Jboss_data_grid 6.5
2023-12-18 CVE-2023-5384 A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration. Infinispan, Data_grid, Jboss_data_grid 2.7
2023-10-04 CVE-2023-4586 A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack. Hot_rod, Data_grid 7.4
2020-12-03 CVE-2020-25711 A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role. Infinispan, Active_iq_unified_manager, Data_grid 6.5
2021-09-21 CVE-2021-31917 A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Infinispan\-Server\-Rest, Data_grid 9.8
2021-06-02 CVE-2020-10771 A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack. Infinispan\-Server\-Rest, Oncommand_insight, Data_grid 7.1