CVE-2017-15089
Published: Feb 15, 2018
Modified: Sep 16, 2024
PUBLISHED
Description
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
| Vendor | Product | Versions |
|---|---|---|
| Infinispan | infinispan | affected before 9.2.0.CR1 |
Weaknesses (CWE)
References
| Reference | Tags |
|---|---|
| 1040360 | vdb-entry, x_refsource_SECTRACK |
| RHSA-2018:0479 | vendor-advisory, x_refsource_REDHAT |
| RHSA-2018:0481 | vendor-advisory, x_refsource_REDHAT |
| https://github.com/infinispan/infinispan/pull/5639 | x_refsource_CONFIRM |
| RHSA-2018:0294 | vendor-advisory, x_refsource_REDHAT |
| RHSA-2018:0501 | vendor-advisory, x_refsource_REDHAT |
| RHSA-2018:0480 | vendor-advisory, x_refsource_REDHAT |
| RHSA-2018:0478 | vendor-advisory, x_refsource_REDHAT |
| RHSA-2019:1326 | vendor-advisory, x_refsource_REDHAT |