Lucene search

K

PRIOn knowledge basePRION:CVE-2017-15089

HistoryFeb 15, 2018 - 5:29 p.m.

Deserialization of untrusted data

2018-02-1517:29:00

PRIOn knowledge base

www.prio-n.com

8

8.8 High

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.6%

It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.

CPENameOperatorVersion
infinispaneq9.2.0 cr1
infinispaneq9.2.0 beta2
infinispaneq9.2.0 beta1
infinispaneq9.2.0 alpha2
infinispaneq9.2.0 alpha1
infinispanle9.1.6

References

www.securitytracker.com/id/1040360

access.redhat.com/errata/RHSA-2018:0294

access.redhat.com/errata/RHSA-2018:0478

access.redhat.com/errata/RHSA-2018:0479

access.redhat.com/errata/RHSA-2018:0480

access.redhat.com/errata/RHSA-2018:0481

access.redhat.com/errata/RHSA-2018:0501

access.redhat.com/errata/RHSA-2019:1326

github.com/infinispan/infinispan/pull/5639

8.8 High

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.6%

Related for PRION:CVE-2017-15089

osv2 cvelist1 nvd1 checkpoint_advisories1 veracode1 github1 cve1 redhatcve1 redhat8 nessus4