Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for infinispan by Red Hat, Inc.

    CVE-2018-1131 (GCVE-0-2018-1131)

    Vulnerability from nvd – Published: 2018-05-15 13:00 – Updated: 2024-09-16 23:16
    VLAI
    Summary
    Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://bugzilla.redhat.com/show_bug.cgi?id=1576492 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/104218 vdb-entryx_refsource_BID
    https://access.redhat.com/errata/RHSA-2018:1833 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3892 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat, Inc. infinispan Affected: 9.0.3.Final
    Affected: 9.1.7.Final
    Affected: 8.2.10.Final
    Affected: 9.2.2.Final
    Affected: 9.3.0.Alpha1
    Create a notification for this product.
    Date Public
    2018-05-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:51:48.906Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576492"
              },
              {
                "name": "104218",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104218"
              },
              {
                "name": "RHSA-2018:1833",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1833"
              },
              {
                "name": "RHSA-2019:3892",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3892"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "infinispan",
              "vendor": "Red Hat, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.3.Final"
                },
                {
                  "status": "affected",
                  "version": "9.1.7.Final"
                },
                {
                  "status": "affected",
                  "version": "8.2.10.Final"
                },
                {
                  "status": "affected",
                  "version": "9.2.2.Final"
                },
                {
                  "status": "affected",
                  "version": "9.3.0.Alpha1"
                }
              ]
            }
          ],
          "datePublic": "2018-05-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-349",
                  "description": "CWE-349",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-14T23:07:11.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576492"
            },
            {
              "name": "104218",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104218"
            },
            {
              "name": "RHSA-2018:1833",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1833"
            },
            {
              "name": "RHSA-2019:3892",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3892"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "DATE_PUBLIC": "2018-05-14T00:00:00",
              "ID": "CVE-2018-1131",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "infinispan",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.0.3.Final"
                              },
                              {
                                "version_value": "9.1.7.Final"
                              },
                              {
                                "version_value": "8.2.10.Final"
                              },
                              {
                                "version_value": "9.2.2.Final"
                              },
                              {
                                "version_value": "9.3.0.Alpha1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Red Hat, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-349"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1576492",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576492"
                },
                {
                  "name": "104218",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104218"
                },
                {
                  "name": "RHSA-2018:1833",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1833"
                },
                {
                  "name": "RHSA-2019:3892",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3892"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2018-1131",
        "datePublished": "2018-05-15T13:00:00.000Z",
        "dateReserved": "2017-12-04T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:16:45.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1131 (GCVE-0-2018-1131)

    Vulnerability from cvelistv5 – Published: 2018-05-15 13:00 – Updated: 2024-09-16 23:16
    VLAI
    Summary
    Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://bugzilla.redhat.com/show_bug.cgi?id=1576492 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/104218 vdb-entryx_refsource_BID
    https://access.redhat.com/errata/RHSA-2018:1833 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3892 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat, Inc. infinispan Affected: 9.0.3.Final
    Affected: 9.1.7.Final
    Affected: 8.2.10.Final
    Affected: 9.2.2.Final
    Affected: 9.3.0.Alpha1
    Create a notification for this product.
    Date Public
    2018-05-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:51:48.906Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576492"
              },
              {
                "name": "104218",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104218"
              },
              {
                "name": "RHSA-2018:1833",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1833"
              },
              {
                "name": "RHSA-2019:3892",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3892"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "infinispan",
              "vendor": "Red Hat, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.3.Final"
                },
                {
                  "status": "affected",
                  "version": "9.1.7.Final"
                },
                {
                  "status": "affected",
                  "version": "8.2.10.Final"
                },
                {
                  "status": "affected",
                  "version": "9.2.2.Final"
                },
                {
                  "status": "affected",
                  "version": "9.3.0.Alpha1"
                }
              ]
            }
          ],
          "datePublic": "2018-05-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-349",
                  "description": "CWE-349",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-14T23:07:11.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576492"
            },
            {
              "name": "104218",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104218"
            },
            {
              "name": "RHSA-2018:1833",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1833"
            },
            {
              "name": "RHSA-2019:3892",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3892"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "DATE_PUBLIC": "2018-05-14T00:00:00",
              "ID": "CVE-2018-1131",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "infinispan",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.0.3.Final"
                              },
                              {
                                "version_value": "9.1.7.Final"
                              },
                              {
                                "version_value": "8.2.10.Final"
                              },
                              {
                                "version_value": "9.2.2.Final"
                              },
                              {
                                "version_value": "9.3.0.Alpha1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Red Hat, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-349"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1576492",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576492"
                },
                {
                  "name": "104218",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104218"
                },
                {
                  "name": "RHSA-2018:1833",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1833"
                },
                {
                  "name": "RHSA-2019:3892",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3892"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2018-1131",
        "datePublished": "2018-05-15T13:00:00.000Z",
        "dateReserved": "2017-12-04T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:16:45.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }