QwikSec

Security Database

CVE

CWE

Training

CVE-2020-25711

Published: Dec 3, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.

Vendor	Product	Versions
n/a	infinispan	affected `Infinispan 11.0.6 Final`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=1897618

https://security.netapp.com/advisory/ntap-20220210-0023/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.