Description
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
Remediation
References
https://issues.jboss.org/browse/ISPN-7485
https://github.com/infinispan/infinispan/pull/4936/commits
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2638
http://www.securityfocus.com/bid/97964
http://rhn.redhat.com/errata/RHSA-2017-1097.html