← voltar
CVE-2017-15089

CVE-2017-15089

EPSS 2.9%CWE-502
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 2.9%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
15 fev 2018Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
Produtos afetados
Infinispan · infinispan

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://access.redhat.com/errata/RHSA-2018:0294https://access.redhat.com/errata/RHSA-2018:0478https://access.redhat.com/errata/RHSA-2018:0479https://access.redhat.com/errata/RHSA-2018:0480https://access.redhat.com/errata/RHSA-2018:0481https://access.redhat.com/errata/RHSA-2018:0501https://access.redhat.com/errata/RHSA-2019:1326https://github.com/infinispan/infinispan/pull/5639http://www.securitytracker.com/id/1040360