CVE-2017-15089

Vendor: Infinispan
Product: infinispan
Weakness: CWE-502 (Unsafe deserialization)
Published: February 15, 2018
Last update: September 16, 2024

What the vulnerability does

01 Description

It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.

Key dates

02 Disclosure timeline

February 15, 2018: CVE published
September 16, 2024: Record updated
