Description

A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

Remediation

References

CVE-2023-3628

Related Vulnerabilities

WordPress Plugin Quttera Web Malware Scanner Security Bypass (3.0.8.65)

phpMyFAQ Other Vulnerability (CVE-2004-2257)

Oracle Database Server CVE-2019-2753 Vulnerability (CVE-2019-2753)

Internet Information Services Other Vulnerability (CVE-1999-0738)

PHP4 multiple vulnerabilities

Severity

Medium

Classification

CVE-2023-3628 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities