HIGH✓ PATCH🇬🇧 English

CVE-2019-10174

CVSS 8.8v3.1pub. 2019-11-25upd. 2024-11-21

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Infinispan

    APP
    Infinispan
    < 8.2.129.0.0 – 9.4.17 (bez)
  • Netapp Active Iq Unified Manager

    APP
    Netapp
    wszystkie wersje
  • Red Hat Enterprise Linux

    OS
    Redhat
    6.07.08.0
  • Red Hat Fuse

    APP
    Redhat
    1.0
  • Red Hat Jboss Data Grid

    APP
    Redhat
    wszystkie wersje
  • Red Hat Jboss Enterprise Application Platform

    APP
    Redhat
    7.2
  • Red Hat Openshift Application Runtimes

    APP
    Redhat
    wszystkie wersje
  • Red Hat Single Sign On

    APP
    Redhat
    wszystkie wersje
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2018-14667CRITICAL9.8⚠ KEVten sam produkt

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserReso...

CVE-2017-12149CRITICAL9.8⚠ KEVten sam produkt

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the...