It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
Metrics
Affected Vendors & Products
References
History
Fri, 23 Aug 2024 09:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7 |
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2018-02-15T17:00:00Z
Updated: 2024-09-16T19:05:25.998Z
Reserved: 2017-10-08T00:00:00
Link: CVE-2017-15089
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-02-15T17:29:00.207
Modified: 2024-11-21T03:14:02.923
Link: CVE-2017-15089
Redhat