infinispan CVE-2017-2638 Authentication Bypass Vulnerability

infinispan is prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to bypass the authentication mechanism and obtain sensitive information. This may aid in further attacks.

Versions prior to infinispan 9.0.0.Final are vulnerable.


Bugtraq ID: 97964
Class: Access Validation Error
CVE: CVE-2017-2638

Remote: Yes
Local: No
Published: Apr 19 2017 12:00AM
Updated: Apr 24 2017 03:08PM
Credit: Jonathan Mason (Red Hat).
Vulnerable: Redhat JBoss Data Grid 6.0
infinispan infinispan 8.2.6.Final
infinispan infinispan 8.2.5.Final
infinispan infinispan 8.2.4.Final
infinispan infinispan 8.1.7.Final
infinispan infinispan 8.1.6.Final

Not Vulnerable: Redhat JBoss Data Grid 7.1.0
infinispan infinispan 9.0.0.Final
infinispan infinispan 9.0.0.CR3


Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Related Posts