infinispan

Top products

The 15 most recently published vulnerabilities affecting infinispan.

• CVE-2025-5731Infinispan: credential leakage in infinispan cli5.5Jun 26, 2025
• CVE-2023-5236Infinispan: circular reference on marshalling leads to dos4.4Dec 18, 2023
• CVE-2023-5384Infinispan: credentials returned from configuration as clear text7.2Dec 18, 2023
• CVE-2023-3628Infispan: rest bulk ops don't check permissions6.5Dec 18, 2023
• CVE-2023-3629Infinispan: non-admins should not be able to get cache config via rest api4.3Dec 18, 2023
• CVE-2023-4586Hotrod-client: hot rod client does not enable hostname validation when using tls that lead to a mitm attack7.4Oct 4, 2023
• CVE-2021-31917A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as...9.8Sep 21, 2021
• CVE-2020-10771A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site requ...7.1Jun 2, 2021
• CVE-2020-25711A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication c...6.5Dec 3, 2020
• CVE-2020-10746A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated ...6.1Oct 19, 2020
• CVE-2019-10158A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.9.8Jan 2, 2020
• CVE-2019-10174A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispa...8.8Nov 25, 2019
• CVE-2016-0750The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-cr...4.2Sep 11, 2018
• CVE-2017-2638It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or ...6.5Jul 16, 2018
• CVE-2018-1131Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious o...8.8May 15, 2018