6 vulnerabilities found for infinispan by Red Hat
CVE-2025-5731 (GCVE-0-2025-5731)
Vulnerability from nvd – Published: 2025-06-26 21:28 – Updated: 2026-01-08 03:11
VLAI
Title
Infinispan: credential leakage in infinispan cli
Summary
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2025:10130 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2025-5731 | vdb-entry, x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2370429 | issue-tracking, x_refsource_REDHAT |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
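| Red Hat | infinispan | Affected: 0, < 15.2.5 (semver) | |
| Red Hat | Red Hat Data Grid 8.5.4 | cpe:/a:redhat:jboss_data_grid:8 (record gives defaultStatus "unaffected" and no version list) | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7 | cpe:/a:redhat:jboss_enterprise_application_platform:7 (record gives defaultStatus "unaffected" and no version list) | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 | cpe:/a:redhat:jboss_enterprise_application_platform:8 (record gives defaultStatus "unaffected" and no version list) | |
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | cpe:/a:redhat:jbosseapxp (record gives defaultStatus "unaffected" and no version list) | |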
Date Public
2025-06-26 21:24
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T13:13:26.599882Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T13:13:36.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/infinispan/infinispan",
"defaultStatus": "unaffected",
"packageName": "infinispan",
"product": "infinispan",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "15.2.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "unaffected",
"packageName": "infinispan-cli-client",
"product": "Red Hat Data Grid 8.5.4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
],
"defaultStatus": "unaffected",
"packageName": "infinispan-cli-client",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
],
"defaultStatus": "unaffected",
"packageName": "infinispan-cli-client",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"packageName": "infinispan-cli-client",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
}
],
"datePublic": "2025-06-26T21:24:21.857Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T03:11:10.828Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:10130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10130"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-5731"
},
{
"name": "RHBZ#2370429",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370429"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-05T13:42:15.727Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-06-26T21:24:21.857Z",
"value": "Made public."
}
],
"title": "Infinispan: credential leakage in infinispan cli",
"workarounds": [
{
"lang": "en",
"value": "Currently, no mitigation is available for this vulnerability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-209: Generation of Error Message Containing Sensitive Information"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-5731",
"datePublished": "2025-06-26T21:28:59.501Z",
"dateReserved": "2025-06-05T13:48:09.202Z",
"dateUpdated": "2026-01-08T03:11:10.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-10158 (GCVE-0-2019-10158)
Vulnerability from nvd – Published: 2020-01-02 14:28 – Updated: 2025-02-13 16:27
VLAI
Summary
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.
Severity
5.4 (Medium)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10158 | x_refsource_CONFIRM |
| https://github.com/infinispan/infinispan/pull/6960 | x_refsource_CONFIRM |
| https://github.com/infinispan/infinispan/pull/7025 | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-20231227-0009/ | |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | infinispan | Affected: n/a (the record carries no version range; the summary above says "through version 9.4.14.Final") | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10158"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/infinispan/infinispan/pull/6960"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/infinispan/infinispan/pull/7025"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231227-0009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "infinispan",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-27T15:06:25.431Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10158"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/infinispan/infinispan/pull/6960"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/infinispan/infinispan/pull/7025"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231227-0009/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10158",
"datePublished": "2020-01-02T14:28:44.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:20.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0750 (GCVE-0-2016-0750)
Vulnerability from nvd – Published: 2018-09-11 13:00 – Updated: 2024-08-05 22:30
VLAI
Summary
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.
Severity
4.2 (Medium)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://issues.jboss.org/browse/ISPN-7781 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/101910 | vdb-entry, x_refsource_BID |
| https://github.com/infinispan/infinispan/pull/5116 | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:0501 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:3244 | vendor-advisory, x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0750 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
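| Red Hat | Infinispan | Affected: 9.1.0.Final (the record lists this single version; the summary above says releases before 9.1.0.Final are affected) | |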
Date Public
2017-11-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:04.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.jboss.org/browse/ISPN-7781"
},
{
"name": "101910",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101910"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/infinispan/infinispan/pull/5116"
},
{
"name": "RHSA-2018:0501",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0501"
},
{
"name": "RHSA-2017:3244",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3244"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0750"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Infinispan",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "9.1.0.Final"
}
]
}
],
"datePublic": "2017-11-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-138",
"description": "CWE-138",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-12T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.jboss.org/browse/ISPN-7781"
},
{
"name": "101910",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101910"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/infinispan/infinispan/pull/5116"
},
{
"name": "RHSA-2018:0501",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0501"
},
{
"name": "RHSA-2017:3244",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3244"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0750"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Infinispan",
"version": {
"version_data": [
{
"version_value": "9.1.0.Final"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
[
{
"vectorString": "3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-138"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.jboss.org/browse/ISPN-7781",
"refsource": "CONFIRM",
"url": "https://issues.jboss.org/browse/ISPN-7781"
},
{
"name": "101910",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101910"
},
{
"name": "https://github.com/infinispan/infinispan/pull/5116",
"refsource": "CONFIRM",
"url": "https://github.com/infinispan/infinispan/pull/5116"
},
{
"name": "RHSA-2018:0501",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0501"
},
{
"name": "RHSA-2017:3244",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3244"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0750",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0750"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-0750",
"datePublished": "2018-09-11T13:00:00.000Z",
"dateReserved": "2015-12-16T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:30:04.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5731 (GCVE-0-2025-5731)
Vulnerability from cvelistv5 – Published: 2025-06-26 21:28 – Updated: 2026-01-08 03:11
VLAI
Title
Infinispan: credential leakage in infinispan cli
Summary
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2025:10130 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2025-5731 | vdb-entry, x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2370429 | issue-tracking, x_refsource_REDHAT |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
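| Red Hat | infinispan | Affected: 0, < 15.2.5 (semver) | |
| Red Hat | Red Hat Data Grid 8.5.4 | cpe:/a:redhat:jboss_data_grid:8 (record gives defaultStatus "unaffected" and no version list) | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7 | cpe:/a:redhat:jboss_enterprise_application_platform:7 (record gives defaultStatus "unaffected" and no version list) | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 | cpe:/a:redhat:jboss_enterprise_application_platform:8 (record gives defaultStatus "unaffected" and no version list) | |
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | cpe:/a:redhat:jbosseapxp (record gives defaultStatus "unaffected" and no version list) | |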
Date Public
2025-06-26 21:24
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T13:13:26.599882Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T13:13:36.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/infinispan/infinispan",
"defaultStatus": "unaffected",
"packageName": "infinispan",
"product": "infinispan",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "15.2.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "unaffected",
"packageName": "infinispan-cli-client",
"product": "Red Hat Data Grid 8.5.4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
],
"defaultStatus": "unaffected",
"packageName": "infinispan-cli-client",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
],
"defaultStatus": "unaffected",
"packageName": "infinispan-cli-client",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"packageName": "infinispan-cli-client",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
}
],
"datePublic": "2025-06-26T21:24:21.857Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T03:11:10.828Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:10130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:10130"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-5731"
},
{
"name": "RHBZ#2370429",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370429"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-05T13:42:15.727Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-06-26T21:24:21.857Z",
"value": "Made public."
}
],
"title": "Infinispan: credential leakage in infinispan cli",
"workarounds": [
{
"lang": "en",
"value": "Currently, no mitigation is available for this vulnerability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-209: Generation of Error Message Containing Sensitive Information"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-5731",
"datePublished": "2025-06-26T21:28:59.501Z",
"dateReserved": "2025-06-05T13:48:09.202Z",
"dateUpdated": "2026-01-08T03:11:10.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-10158 (GCVE-0-2019-10158)
Vulnerability from cvelistv5 – Published: 2020-01-02 14:28 – Updated: 2025-02-13 16:27
VLAI
Summary
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.
Severity
5.4 (Medium)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10158 | x_refsource_CONFIRM |
| https://github.com/infinispan/infinispan/pull/6960 | x_refsource_CONFIRM |
| https://github.com/infinispan/infinispan/pull/7025 | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-20231227-0009/ | |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | infinispan | Affected: n/a (the record carries no version range; the summary above says "through version 9.4.14.Final") | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10158"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/infinispan/infinispan/pull/6960"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/infinispan/infinispan/pull/7025"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231227-0009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "infinispan",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-27T15:06:25.431Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10158"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/infinispan/infinispan/pull/6960"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/infinispan/infinispan/pull/7025"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231227-0009/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10158",
"datePublished": "2020-01-02T14:28:44.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:20.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0750 (GCVE-0-2016-0750)
Vulnerability from cvelistv5 – Published: 2018-09-11 13:00 – Updated: 2024-08-05 22:30
VLAI
Summary
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.
Severity
4.2 (Medium)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://issues.jboss.org/browse/ISPN-7781 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/101910 | vdb-entry, x_refsource_BID |
| https://github.com/infinispan/infinispan/pull/5116 | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:0501 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:3244 | vendor-advisory, x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0750 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
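| Red Hat | Infinispan | Affected: 9.1.0.Final (the record lists this single version; the summary above says releases before 9.1.0.Final are affected) | |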
Date Public
2017-11-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:04.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.jboss.org/browse/ISPN-7781"
},
{
"name": "101910",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101910"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/infinispan/infinispan/pull/5116"
},
{
"name": "RHSA-2018:0501",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0501"
},
{
"name": "RHSA-2017:3244",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3244"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0750"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Infinispan",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "9.1.0.Final"
}
]
}
],
"datePublic": "2017-11-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-138",
"description": "CWE-138",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-12T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.jboss.org/browse/ISPN-7781"
},
{
"name": "101910",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101910"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/infinispan/infinispan/pull/5116"
},
{
"name": "RHSA-2018:0501",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0501"
},
{
"name": "RHSA-2017:3244",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3244"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0750"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Infinispan",
"version": {
"version_data": [
{
"version_value": "9.1.0.Final"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
[
{
"vectorString": "3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-138"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.jboss.org/browse/ISPN-7781",
"refsource": "CONFIRM",
"url": "https://issues.jboss.org/browse/ISPN-7781"
},
{
"name": "101910",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101910"
},
{
"name": "https://github.com/infinispan/infinispan/pull/5116",
"refsource": "CONFIRM",
"url": "https://github.com/infinispan/infinispan/pull/5116"
},
{
"name": "RHSA-2018:0501",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0501"
},
{
"name": "RHSA-2017:3244",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3244"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0750",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0750"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-0750",
"datePublished": "2018-09-11T13:00:00.000Z",
"dateReserved": "2015-12-16T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:30:04.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}