Data Grid Security Vulnerabilities and Issues — Data Grid CVE List

Lucene search

RedhatData Grid

4 matches found

CVE•added 2021/05/20 1:15 p.m.•262 views

CVE-2021-3536

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.

4.8CVSS5AI score0.00284EPSS

CVE•added 2021/08/05 9:15 p.m.•195 views

CVE-2021-3642

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.

5.3CVSS5.3AI score0.00267EPSS

CVE•added 2021/06/02 12:15 p.m.•62 views

CVE-2020-10771

A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack.

7.1CVSS6.8AI score0.00085EPSS

CVE•added 2021/09/21 11:15 a.m.•56 views

CVE-2021-31917

A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and ...

9.8CVSS9.5AI score0.00431EPSS