Lucene search
RedhatCVELIST:CVE-2017-15089HistoryFeb 12, 2018 - 12:00 a.m.
CVE-2017-15089
2018-02-1200:00:00
CWE-502
redhat
www.cve.org
1
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
CNA Affected
[
{
"product": "infinispan",
"vendor": "Infinispan",
"versions": [
{
"status": "affected",
"version": "before 9.2.0.CR1"
}
]
}
]References
www.securitytracker.com/id/1040360
access.redhat.com/errata/RHSA-2018:0294
access.redhat.com/errata/RHSA-2018:0478
access.redhat.com/errata/RHSA-2018:0479
access.redhat.com/errata/RHSA-2018:0480
access.redhat.com/errata/RHSA-2018:0481
access.redhat.com/errata/RHSA-2018:0501
access.redhat.com/errata/RHSA-2019:1326
github.com/infinispan/infinispan/pull/5639
Related
osv
osv
CVE-2017-15089
2018-02-15 17:29:00
Deserialization of Untrusted Data in Infinispan
2022-05-14 00:59:30
nvd
nvd
CVE-2017-15089
2018-02-15 17:29:00
checkpoint_advisories
checkpoint_advisories
veracode
veracode
Unsafe Deserialization
2018-02-16 04:26:56
github
github
Deserialization of Untrusted Data in Infinispan
2022-05-14 00:59:30
cve
cve
CVE-2017-15089
2018-02-15 17:29:00
prion
prion
Deserialization of untrusted data
2018-02-15 17:29:00
redhatcve
redhatcve
CVE-2017-15089
2019-10-22 06:42:42
redhat
redhat
nessus
nessus
RHEL 8 : infinispan (Unpatched Vulnerability)
2024-05-11 00:00:00