CVE-2017-15089
NONE EPSS 85.1%
Published Feb 15, 2018 · Last Modified Jun 17, 2026
Description
It was found that the Hot Rod client in Infinispan before 9.2.0.CR1 would unsafely deserialize data read from the cache. An authenticated attacker could inject a malicious object into the data cache, have it deserialized on the client, and possibly conduct further attacks.
Threat Intelligence
EPSS Exploit Probability
85.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-502 Deserialization of Untrusted Data
Affected Products 6
| Vendor | Product | Version | Range |
|---|---|---|---|
| infinispan | infinispan | * | ≤9.1.6 |
| infinispan | infinispan | 9.2.0 | any |
| infinispan | infinispan | 9.2.0 | any |
| infinispan | infinispan | 9.2.0 | any |
| infinispan | infinispan | 9.2.0 | any |
| infinispan | infinispan | 9.2.0 | any |
References 9
- securitytracker.com http://www.securitytracker.com/id/1040360
- access.redhat.com https://access.redhat.com/errata/RHSA-2018:0294
- access.redhat.com https://access.redhat.com/errata/RHSA-2018:0478
- access.redhat.com https://access.redhat.com/errata/RHSA-2018:0479
- access.redhat.com https://access.redhat.com/errata/RHSA-2018:0480
- access.redhat.com https://access.redhat.com/errata/RHSA-2018:0481
- access.redhat.com https://access.redhat.com/errata/RHSA-2018:0501
- access.redhat.com https://access.redhat.com/errata/RHSA-2019:1326
- github.com https://github.com/infinispan/infinispan/pull/5639
Remediation
- github.com https://github.com/infinispan/infinispan/pull/5639