CVE-2023-3628

EPSS 0.12%
Published 18.12.2023 14:15:08
Last modified 21.11.2024 08:17:42
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Jboss Data Grid Version- SwEditiontext-only

Redhat ≫ Jboss Enterprise Application Platform Version6

Redhat ≫ Data Grid Version < 8.4.4

Infinispan ≫ Infinispan Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.31

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
secalert@redhat.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-304 Missing Critical Step in Authentication

The product implements an authentication technique, but it skips a step that weakens the technique.

https://access.redhat.com/errata/RHSA-2023:5396

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2023-3628

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2217924

Issue Tracking

https://security.netapp.com/advisory/ntap-20240125-0004/

https://nvd.nist.gov/vuln/detail/CVE-2023-3628

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3628

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3628

EUVD