CVE-2018-1131

Published: May 15, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.

Vendor: Red Hat, Inc.

Product: infinispan

Versions:
affected: 9.0.3.Final
affected: 9.1.7.Final
affected: 8.2.10.Final
affected: 9.2.2.Final
affected: 9.3.0.Alpha1

Weaknesses (CWE)

References

104218 (vdb-entry, x_refsource_BID)
RHSA-2018:1833 (vendor-advisory, x_refsource_REDHAT)
RHSA-2019:3892 (vendor-advisory, x_refsource_REDHAT)
