CVE-2017-2638 MEDIUM

Vendor [Unknown]
Product infinispan
Weakness CWE-306 · Missing auth
Published July 16, 2018
Last update August 5, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.

Key dates

02 Disclosure timeline

July 16, 2018 CVE published
August 5, 2024 Record updated