Infinispan REST API Vulnerability Allows Unauthorized Data Access
CVE-2017-2638

6.5MEDIUM

Key Information:

Vendor: [unknown]
Status: Infinispan
Vendor: CVE Published:; 16 July 2018

What is CVE-2017-2638?

The Infinispan REST API before version 9.0.0 is susceptible to an authorization bypass vulnerability. This flaw allows attackers to improperly access and manipulate data within both the default cache and any known cache names, leading to potential data breaches and confidentiality concerns. Proper authentication controls were not enforced, which increases the risk of exploitation in environments where sensitive data is stored.

Affected Version(s)

infinispan Infinispan 9.0.0.Final

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2638

x_refsource_CONFIRM

http://rhn.redhat.com/errata/RHSA-2017-1097.html

vendor-advisoryx_refsource_REDHAT

https://issues.jboss.org/browse/ISPN-7485

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 16, 2018
Vulnerability Reserved
Dec 1, 2016

[unknown]

What is CVE-2017-2638?

Affected Version(s)

References

CVSS V3.1

Timeline