CVE-2018-1131
- CVSS v3.0 base score 8.8
- EPSS 0.56%
- Published 2018-05-15 13:29:00
- Last modified 2024-11-21 03:59:15
- Source secalert@redhat.com
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.
Data provided by the National Vulnerability Database (NVD)
Affected products:
- Infinispan ≫ Infinispan, version 8.2.10
- Infinispan ≫ Infinispan, version 9.0.3
- Infinispan ≫ Infinispan, version 9.1.7
- Infinispan ≫ Infinispan, version 9.2.2
- Infinispan ≫ Infinispan, version 9.3.0 (update alpha1)
- Redhat ≫ JBoss Data Grid, version 7.2
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.56% | 0.672 |
Source | Base Score | Exploitability Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 6.5 | 8.0 | 6.4 | AV:N/AC:L/Au:S/C:P/I:P/A:P (CVSS v2) |
CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data
The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
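The description above and the CWE-502 entry both describe the same failure: a server-side component hands bytes from an authenticated client straight to Java deserialization, so any serializable class on the server classpath becomes reachable. The following is an added example, not Infinispan's transcoder code and not the project's patch; it shows the vulnerable pattern next to the generic JDK mitigation (a class allowlist via `java.io.ObjectInputFilter`, JDK 9+). The `CacheEntry` and `Gadget` classes are hypothetical stand-ins: `Gadget` only prints a message from `readObject` where a real gadget chain would execute attacker-chosen code.

```java
import java.io.*;

// Added example for CVE-2018-1131 / CWE-502. Illustrative only; not Infinispan code.
public class DeserializationFilterDemo {

    // Hypothetical value type the cache is configured to accept.
    public static final class CacheEntry implements Serializable {
        private static final long serialVersionUID = 1L;
        final String key;
        final int value;
        CacheEntry(String key, int value) { this.key = key; this.value = value; }
        @Override public String toString() { return key + "=" + value; }
    }

    // Hypothetical attacker-controlled class: its readObject runs during
    // deserialization, before the caller ever sees the returned object.
    // A real payload would reuse classes already on the server classpath.
    public static final class Gadget implements Serializable {
        private static final long serialVersionUID = 1L;
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            System.out.println("[!] Gadget.readObject ran: attacker code executed");
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    // Vulnerable: deserializes whatever the (authenticated) client sent.
    static Object unsafeRead(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return ois.readObject();
        }
    }

    // Hardened: allow only the expected class (plus String for its field),
    // reject every other class, and bound depth/array size against DoS payloads.
    static Object safeRead(byte[] bytes) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
            "maxdepth=5;maxarray=1000;java.lang.String;"
            + CacheEntry.class.getName() + ";!*");
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            ois.setObjectInputFilter(filter);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] benign  = serialize(new CacheEntry("user:42", 7));   // constructed sample input
        byte[] hostile = serialize(new Gadget());                    // constructed sample payload

        System.out.println("unsafe/benign : " + unsafeRead(benign));
        System.out.println("unsafe/hostile: " + unsafeRead(hostile)); // Gadget.readObject fires

        System.out.println("safe/benign   : " + safeRead(benign));
        try {
            safeRead(hostile);
        } catch (InvalidClassException e) {
            // The filter rejects Gadget while reading the class descriptor,
            // so its readObject never runs.
            System.out.println("safe/hostile  : rejected (" + e.getMessage() + ")");
        }
    }
}
```

Compile and run with a JDK 9 or newer (`javac DeserializationFilterDemo.java && java DeserializationFilterDemo`). The point to take from the two hostile calls is ordering: in `unsafeRead` the side effect happens inside `readObject()` before any type check the caller might do, which is why a post-deserialization `instanceof` check is no defence; the filter in `safeRead` is consulted as class descriptors are read, before the class is resolved or instantiated. A process-wide equivalent can be set with `-Djdk.serialFilter=...`, which is the pragmatic fix when the deserializing code is in a library you do not control.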