Lucene search
K

4 matches found

CVE
CVE
added 2023/12/18 1:43 p.m.159 views

CVE-2023-5236

Summary (based on provided sources): CVE-2023-5236 affects Infinispan and is caused by failing to detect circular object references during unmarshalling, enabling a remote-authenticated attacker to insert a crafted object into the cache to trigger out-of-memory conditions and a denial of service....

6.5CVSS5.3AI score0.0089EPSS
CVE
CVE
added 2023/12/18 1:43 p.m.139 views

CVE-2023-3628

CVE-2023-3628 affects Infinispan REST: bulk read endpoints fail to properly enforce user permissions, potentially allowing an authenticated user to access data outside their intended scope. The condition is documented across multiple sources (GHSA-FHR7-8JX4-R9CP, NVD/NVD-linked CVE, and Red Hat a...

6.5CVSS6.4AI score0.0064EPSS
CVE
CVE
added 2023/12/18 1:43 p.m.137 views

CVE-2023-3629

CVE-2023-3629 concerns Infinispan REST: cache retrieval endpoints fail to properly enforce admin permissions, potentially allowing an authenticated user to access data outside their intended permissions. The description in multiple sources confirms an information exposure risk without admin autho...

6.5CVSS5.3AI score0.00579EPSS
CVE
CVE
added 2023/12/18 1:43 p.m.117 views

CVE-2023-5384

CVE-2023-5384 affects Infinispan: when serializing a cache configuration to XML/JSON/YAML that contains credentials (e.g., JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration. This exposes sensitive data if the configuration i...

7.2CVSS5.2AI score0.00543EPSS