HIGH🇬🇧 English

CVE-2018-1131

CVSS 8.8v3.0pub. 2018-05-15upd. 2024-11-21

Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Infinispan

    APP
    Infinispan
    8.2.109.0.39.1.79.2.29.3.0
  • Red Hat Jboss Data Grid

    APP
    Redhat
    7.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEDeserialization
CWE
Referencje

Powiązane podatności

CVE-2019-14887CRITICAL9.1ten sam produkt

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the ...

CVE-2019-14892CRITICAL9.8ten sam produkt

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would perm...

CVE-2019-10158CRITICAL9.8ten sam produkt

A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixatio...

CVE-2019-10212CRITICAL9.8ten sam produkt

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled,...

CVE-2019-3888CRITICAL9.8ten sam produkt

A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credenti...

CVE-2018-1131 — HIGH 8.8 | CVEbaza.pl