CVE-2019-10174

EPSS 1.04%
Veröffentlicht 25.11.2019 11:15:10
Zuletzt bearbeitet 21.11.2024 04:18:34
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Infinispan ≫ Infinispan Version < 8.2.12

Infinispan ≫ Infinispan Version >= 9.0.0 < 9.4.17

Redhat ≫ Fuse Version1.0

Redhat ≫ Jboss Data Grid Version- SwEditiontext-only

Redhat ≫ Jboss Enterprise Application Platform Version- SwEditiontext-only

Redhat ≫ Openshift Application Runtimes Version- SwEditiontext-only

Redhat ≫ Single Sign-on Version- SwEditiontext-only

Redhat ≫ Jboss Enterprise Application Platform Version7.2

   Redhat ≫ Enterprise Linux Version6.0
   Redhat ≫ Enterprise Linux Version7.0
   Redhat ≫ Enterprise Linux Version8.0

Netapp ≫ Active Iq Unified Manager Version- SwPlatformlinux

Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere

Netapp ≫ Active Iq Unified Manager Version- SwPlatformwindows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.04%	0.767

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
secalert@redhat.com	7.5	1.6	5.9	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.

https://access.redhat.com/errata/RHSA-2020:0481

Vendor Advisory

https://access.redhat.com/errata/RHSA-2020:0727

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10174

Vendor Advisory

Issue Tracking

https://security.netapp.com/advisory/ntap-20220210-0018/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-10174

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-10174

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-10174

EUVD