CVE-2023-3628

EPSS 0.12%
Veröffentlicht 18.12.2023 14:15:08
Zuletzt bearbeitet 21.11.2024 08:17:42
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Jboss Data Grid Version- SwEditiontext-only

Redhat ≫ Jboss Enterprise Application Platform Version6

Redhat ≫ Data Grid Version < 8.4.4

Infinispan ≫ Infinispan Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.31

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
secalert@redhat.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-304 Missing Critical Step in Authentication

The product implements an authentication technique, but it skips a step that weakens the technique.

https://access.redhat.com/errata/RHSA-2023:5396

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2023-3628

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2217924

Issue Tracking

https://security.netapp.com/advisory/ntap-20240125-0004/

https://nvd.nist.gov/vuln/detail/CVE-2023-3628

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3628

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3628

EUVD