Red Hat · Infinispan · CVE-2019-10158
**Name of the Vulnerable Software and Affected Versions**
Infinispan versions prior to 9.4.14.Final
**Description**
A flaw was found in the improper implementation of the session fixation protection in the Spring Session integration, which can result in incorrect session handling.
**Recommendations**
For versions prior to 9.4.14.Final, update to version 9.4.14.Final or later to resolve the issue. As a temporary workaround, consider restricting access to the Spring Session integration until a patch is available.