Lucene search

[email protected]CVE-2020-10746

HistoryOct 19, 2020 - 9:15 p.m.

CVE-2020-10746

2020-10-1921:15:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

infinispan

cve-2020-10746

security vulnerability

api access

local machine access

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

6.2 Medium

AI Score

Confidence

High

5.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:P/A:C

0.0004 Low

EPSS

Percentile

11.7%

JSON

A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server.

VendorProductVersionCPE
infinispaninfinispan*cpe:2.3:a:infinispan:infinispan:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
infinispan	infinispan	*	cpe:2.3:a:infinispan:infinispan::::::::

References

bugzilla.redhat.com/show_bug.cgi?id=1835922

Social References

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

6.2 Medium

AI Score

Confidence

High

5.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:P/A:C

0.0004 Low

EPSS

Percentile

11.7%

JSON

Related for CVE-2020-10746

redhatcve1 prion1 redhat1