CVE-2017-2638
Description
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.495
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2017-2638 are fixed in Infinispan--server-core 9.0.0 | Windows |
| Vulnerabilities CVE-2017-2638 are affected in Red Hat JBoss Data Grid 7.1 | Windows |
| Vulnerabilities CVE-2016-4970,CVE-2017-2638 are affected in Red Hat JBoss Data Grid 7.1 | Windows |
| Vulnerabilities CVE-2017-2638 are fixed in Infinispan--server-core for Linux 9.0.0 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234