PT-2021-19592 · Red Hat · Infinispan+1

Ryan Emerson · Published 2021-09-21 · Updated 2022-01-11 · CVE-2021-31917

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Red Hat DataGrid versions 8.0.0 through 8.1.1; Infinispan versions 10.0.0 through 12.0.0
Description: A flaw was found in the software, allowing an attacker to bypass authentication on all REST endpoints when DIGEST is used as the authentication method. This poses a significant threat to data confidentiality and integrity, as well as system availability.
Recommendations: For Red Hat DataGrid versions 8.0.0 through 8.1.1, consider disabling the DIGEST authentication method until a patch is available. For Infinispan versions 10.0.0 through 12.0.0, restrict access to all REST endpoints to minimize the risk of exploitation.

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2021-31917

Affected Products

Infinispan
Red Hat Datagrid