8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
71.0%
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan’s privileges. The attacker can use reflection to introduce new, malicious behavior into the application.
CPE | Name | Operator | Version |
---|---|---|---|
org.infinispan:infinispan-core | le | 9.4.16.Final | |
org.infinispan:infinispan-core | le | 8.2.11.Final |
access.redhat.com/errata/RHSA-2020:0481
access.redhat.com/errata/RHSA-2020:0727
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10174
github.com/advisories/GHSA-h47x-2j37-fw5m
github.com/infinispan/infinispan/commit/5dbb05cfaca01a1a66732b82a0f5ba615ccbd214
github.com/infinispan/infinispan/commit/7bdc2822ccf79127a488130239c49a5e944e3ca2
nvd.nist.gov/vuln/detail/CVE-2019-10174
security.netapp.com/advisory/ntap-20220210-0018/
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
71.0%