Red Hat · Infinispan · CVE-2017-2638
Name of the Vulnerable Software and Affected Versions:
Infinispan versions prior to 9.0.0
Description:
The REST API in Infinispan does not properly enforce auth constraints. This potentially allows an attacker to read or modify data in the default cache or in a cache whose name is known.
Recommendations:
For versions prior to 9.0.0, update to version 9.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST API to minimize the risk of exploitation.