A flaw was found in Infinispan version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server.