Lucene search

Redhat.comRH:CVE-2020-25711

HistoryNov 13, 2020 - 7:52 p.m.

CVE-2020-25711

2020-11-1319:52:57

redhat.com

access.redhat.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

0.001 Low

EPSS

Percentile

32.1%

JSON

A flaw was found in the Infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role. The highest threat from this vulnerability is to integrity and system availability.

Mitigation

There is currently no known mitigation for this issue.

References

bugzilla.redhat.com/show_bug.cgi?id=1897618

nvd.nist.gov/vuln/detail/CVE-2020-25711

www.cve.org/CVERecord?id=CVE-2020-25711

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

0.001 Low

EPSS

Percentile

32.1%

JSON

Related for RH:CVE-2020-25711