Veracode Vulnerability DatabaseVERACODE:28045Authorization Check Bypass
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:P/A:P
infinispan-server-runtime is vulnerable to authorization check bypass. During some server management operations with enabled authz, the lack of checking authorization permission allows any user with authentication to perform operations, such as shutting down the server without the ADMIN role.
| CPE | Name | Operator | Version |
|---|---|---|---|
| infinispan server | le | 12.0.0.Dev06 | |
| infinispan server | le | 11.0.5.Final | |
| infinispan server | le | 12.0.0.Dev06 | |
| infinispan server | le | 11.0.5.Final |
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:P/A:P