CVE-2017-15089

It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:infinispan:infinispan:*:*:*:*:*:*:*:*
cpe:2.3:a:infinispan:infinispan:9.2.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:infinispan:infinispan:9.2.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:infinispan:infinispan:9.2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:infinispan:infinispan:9.2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:infinispan:infinispan:9.2.0:cr1:*:*:*:*:*:*

History

No history.

Information

Published : 2018-02-15 17:29

Updated : 2024-02-04 19:46


NVD link : CVE-2017-15089

Mitre link : CVE-2017-15089

CVE.ORG link : CVE-2017-15089


JSON object : View

Products Affected

infinispan

  • infinispan
CWE
CWE-502

Deserialization of Untrusted Data