Vulnerability Description
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Infinispan | Infinispan | < 9.0.0 |
| Redhat | Jboss Data Grid | 7.1 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2017-1097.htmlThird Party Advisory
- http://www.securityfocus.com/bid/97964Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2638Issue TrackingPatchThird Party Advisory
- https://github.com/infinispan/infinispan/pull/4936/commitsPatchThird Party Advisory
- https://issues.jboss.org/browse/ISPN-7485Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2017-1097.htmlThird Party Advisory
- http://www.securityfocus.com/bid/97964Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2638Issue TrackingPatchThird Party Advisory
- https://github.com/infinispan/infinispan/pull/4936/commitsPatchThird Party Advisory
- https://issues.jboss.org/browse/ISPN-7485Third Party Advisory
FAQ
What is CVE-2017-2638?
CVE-2017-2638 is a vulnerability with a CVSS score of 6.5 (MEDIUM). It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a k...
How severe is CVE-2017-2638?
CVE-2017-2638 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2638?
Check the references section above for vendor advisories and patch information. Affected products include: Infinispan Infinispan, Redhat Jboss Data Grid.