Description

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.

Remediation

References

https://access.redhat.com/errata/RHSA-2020:0481

https://access.redhat.com/errata/RHSA-2020:0727

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10174

https://security.netapp.com/advisory/ntap-20220210-0018/

Related Vulnerabilities

CVE-2014-0099 Vulnerability in maven package org.apache.tomcat:tomcat-util

CVE-2013-1921 Vulnerability in maven package org.picketbox:jbosssx

CVE-2020-2239 Vulnerability in maven package org.jenkins-ci.plugins:parameterized-remote-trigger

CVE-2022-41240 Vulnerability in maven package org.jenkins-ci.plugins:walti

CVE-2019-10334 Vulnerability in maven package org.jenkins-ci.plugins:electricflow

Severity

Critical

Classification

CWE-470 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory Issue Tracking Third Party Advisory