VYPR

Vendor: Infinite

Products: 2
CVEs: 9
Across products: 9
Status: Private

Recent CVEs (9)
  • CVE-2021-31917 | Critical | Sep 21, 2021
    risk 0.64 | cvss 9.8 | epss 0.01

    A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data…

  • CVE-2017-15089 | High | Feb 15, 2018
    risk 0.50 | cvss 8.8 | epss 0.03

    It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct…

  • CVE-2020-10771 | High | Jun 2, 2021
    risk 0.46 | cvss 7.1 | epss 0.00

    A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack.

  • CVE-2024-6875 | Medium | Mar 28, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API may have a buffer leak and an out of memory error can occur when sending continual requests with large POST data to the REST API.

  • CVE-2020-25711 | Medium | Dec 3, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    A flaw was found in the Infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.

  • CVE-2020-10746 | Medium | Oct 19, 2020
    risk 0.40 | cvss 6.1 | epss 0.00

    A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the…

  • CVE-2025-0736 | Medium | Jan 28, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    A flaw was found in Infinispan, when using JGroups with JDBC_PING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and…

  • CVE-2016-0750 | Medium | Sep 11, 2018
    risk 0.20 | cvss 4.2 | epss 0.02

    The hotrod Java client in Infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.

  • CVE-2001-0097 | Feb 12, 2001
    risk 0.03 | cvss | epss 0.03

    The Web interface for Infinite Interchange 3.6.1 allows remote attackers to cause a denial of service (application crash) via a large POST request.