Infinispan
Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:infinispan:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Infinispan (dacf907b-4315-57e4-a5ab-859d2847877b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-25711 |
vulnerable | 2026-06-08 05:22:37.277104 |
Details available
A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.
Published: 2020-12-03T00:00:00.000Z
Updated: 2024-08-04T15:40:36.665Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-10771 |
vulnerable | 2026-06-08 05:16:35.859307 |
Details available
A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack.
Published: 2021-06-02T11:02:53.000Z
Updated: 2024-08-04T11:14:14.781Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-10746 |
vulnerable | 2026-06-08 05:16:35.814548 |
Details available
A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server.
Published: 2020-10-19T20:42:17.000Z
Updated: 2024-08-04T11:14:14.720Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.