CVE-2017-15089

NONE EPSS 85.1%
Published Feb 15, 2018 (8y ago) · Last Modified Jun 17, 2026 (2w ago)

Description

It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.

Threat Intelligence

EPSS Exploit Probability
85.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-502 Deserialization of Untrusted Data Validation

Affected Products 6

Vendor      Product     Version  Range
infinispan  infinispan  *        ≤9.1.6
infinispan  infinispan  9.2.0    any
infinispan  infinispan  9.2.0    any
infinispan  infinispan  9.2.0    any
infinispan  infinispan  9.2.0    any
infinispan  infinispan  9.2.0    any

References 9

Remediation

  • github.com https://github.com/infinispan/infinispan/pull/5639
    Patch · Third Party Advisory