Vulnerability Description
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Infinispan | Infinispan | <= 9.4.14 |
| Red Hat | JBoss Data Grid | 7.0.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10158 (Issue Tracking, Patch, Third Party Advisory)
- https://github.com/infinispan/infinispan/pull/6960 (Third Party Advisory)
- https://github.com/infinispan/infinispan/pull/7025 (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20231227-0009/
FAQ
What is CVE-2019-10158?
CVE-2019-10158 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.
How severe is CVE-2019-10158?
CVE-2019-10158 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-10158?
Check the references section above for vendor advisories and patch information. Affected products include: Infinispan Infinispan, Red Hat JBoss Data Grid.