CVE-2017-15089
CVE-2017-15089
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 2.9%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
15 feb 2018Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
Productos afectados
Infinispan · infinispan¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://access.redhat.com/errata/RHSA-2018:0294https://access.redhat.com/errata/RHSA-2018:0478https://access.redhat.com/errata/RHSA-2018:0479https://access.redhat.com/errata/RHSA-2018:0480https://access.redhat.com/errata/RHSA-2018:0481https://access.redhat.com/errata/RHSA-2018:0501https://access.redhat.com/errata/RHSA-2019:1326https://github.com/infinispan/infinispan/pull/5639http://www.securitytracker.com/id/1040360