Lucene search

K
RedhatData Grid

15 matches found

CVE
CVE
added 2023/10/04 11:15 a.m.576 views

CVE-2023-4586

A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.

7.4CVSS7.2AI score0.0013EPSS
CVE
CVE
added 2017/11/09 5:29 p.m.250 views

CVE-2015-7501

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Serve...

10CVSS9.7AI score0.71461EPSS
CVE
CVE
added 2021/05/20 1:15 p.m.235 views

CVE-2021-3536

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.

4.8CVSS5AI score0.00284EPSS
CVE
CVE
added 2024/08/21 2:15 p.m.189 views

CVE-2024-7885

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the sa...

7.5CVSS7.4AI score0.28035EPSS
CVE
CVE
added 2021/08/05 9:15 p.m.177 views

CVE-2021-3642

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.

5.3CVSS5.3AI score0.00267EPSS
CVE
CVE
added 2020/10/06 2:15 p.m.175 views

CVE-2020-25644

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.

7.5CVSS6.9AI score0.00597EPSS
CVE
CVE
added 2019/10/14 3:15 p.m.139 views

CVE-2019-14838

A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server

5.2CVSS5AI score0.00402EPSS
CVE
CVE
added 2023/12/18 2:15 p.m.130 views

CVE-2023-5236

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.

6.5CVSS5.3AI score0.00117EPSS
CVE
CVE
added 2023/12/18 2:15 p.m.112 views

CVE-2023-3629

A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

6.5CVSS5.3AI score0.00078EPSS
CVE
CVE
added 2023/12/18 2:15 p.m.111 views

CVE-2023-3628

A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

6.5CVSS6.4AI score0.00115EPSS
CVE
CVE
added 2023/12/18 2:15 p.m.94 views

CVE-2023-5384

A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.

7.2CVSS5.2AI score0.00165EPSS
CVE
CVE
added 2020/12/03 5:15 p.m.90 views

CVE-2020-25711

A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.

6.5CVSS6.5AI score0.00183EPSS
CVE
CVE
added 2021/06/02 12:15 p.m.62 views

CVE-2020-10771

A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack.

7.1CVSS6.8AI score0.00085EPSS
CVE
CVE
added 2021/09/21 11:15 a.m.56 views

CVE-2021-31917

A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and ...

9.8CVSS9.5AI score0.00431EPSS
CVE
CVE
added 2025/06/26 10:15 p.m.13 views

CVE-2025-5731

A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.

6.2CVSS7AI score0.00017EPSS