Product: infinispan
16 known vulnerabilities across versions

Vulnerabilities are listed by affected version, with the CVSS base score and severity reported for each CVE. Descriptions are truncated as they appear on the listing.
CVE ID           Affected versions         CVSS   Severity
---------------  ------------------------  -----  --------
CVE-2025-5731    all versions              5.5    MEDIUM
  A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plainte…

CVE-2023-5384    all versions              7.2    HIGH
  A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC…

CVE-2023-5236    all versions              4.4    MEDIUM
  A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker wit…

CVE-2023-3629    all versions              4.3    MEDIUM
  A flaw was found in Infinispan's REST. Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the…

CVE-2023-3628    all versions              6.5    MEDIUM
  A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue…

CVE-2023-4586    all versions              7.4    HIGH
  A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validat…

CVE-2021-31917   >= 10.0.0 and < 11.0.12   9.8    CRITICAL
  A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could…

CVE-2020-10771   all versions              7.1    HIGH
  A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET…

CVE-2020-25711   < 11.0.6                  6.5    MEDIUM
  A flaw was found in Infinispan 10 REST API, where authorization permissions are not checked while performing some server managemen…

CVE-2020-10746   all versions              6.1    MEDIUM
  A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls vi…

CVE-2019-10158   <= 9.4.14                 9.8    CRITICAL
  A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the…

CVE-2019-10174   < 8.2.12                  8.8    HIGH
  A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any appl…

CVE-2016-0750    < 9.1.0                   4.2    MEDIUM
  The Hot Rod Java client in Infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A…

CVE-2017-2638    < 9.0.0                   6.5    MEDIUM
  It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use…

CVE-2018-1131    all versions              8.8    HIGH
  Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A us…

CVE-2017-15089   <= 9.1.6                  8.8    HIGH
  It was found that the Hot Rod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the c…
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin