It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
History

Fri, 23 Aug 2024 09:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:7::el7 cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-02-15T17:00:00Z

Updated: 2024-09-16T19:05:25.998Z

Reserved: 2017-10-08T00:00:00

Link: CVE-2017-15089

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-02-15T17:29:00.207

Modified: 2019-06-04T17:29:00.287

Link: CVE-2017-15089

cve-icon Redhat

Severity : Important

Publid Date: 2018-02-12T15:00:00Z

Links: CVE-2017-15089 - Bugzilla