Lucene search
Redhat.comRH:CVE-2018-1131HistoryOct 10, 2019 - 4:05 a.m.
CVE-2018-1131
2019-10-1004:05:39
redhat.com
access.redhat.com
13
EPSS
0.003
Percentile
68.1%
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.
Related
veracode
veracode
Remote Code Execution (RCE)
2018-05-16 05:11:35
github
github
Deserialization of Untrusted Data in Infinispan
2022-05-13 01:33:29
osv
osv
CVE-2018-1131
2018-05-15 13:29:00
Deserialization of Untrusted Data in Infinispan
2022-05-13 01:33:29
cvelist
cvelist
CVE-2018-1131
2018-05-15 13:00:00
redhat
redhat
(RHSA-2018:1833) Important: Red Hat JBoss Data Grid 7.2.1 security update
2018-06-12 10:47:31
(RHSA-2019:3892) Important: Red Hat Fuse 7.5.0 security update
2019-11-14 21:15:16
prion
prion
Deserialization of untrusted data
2018-05-15 13:29:00
nvd
nvd
CVE-2018-1131
2018-05-15 13:29:00
cve
cve
CVE-2018-1131
2018-05-15 13:29:00