cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-5384,https://securityvulnerability.io/vulnerability/CVE-2023-5384,Infinispan: credentials returned from configuration as clear text,"A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.",Red Hat,"infinispan,Red Hat Data Grid 8.4.6",2.7,LOW,0.0007999999797903001,false,,false,false,false,,,false,false,,2023-12-18T14:15:00.000Z,0
CVE-2019-10158,https://securityvulnerability.io/vulnerability/CVE-2019-10158,Session Fixation Vulnerability in Infinispan by Red Hat,"Infinispan, up to version 9.4.14.Final, has a vulnerability due to improper implementation of session fixation protection within the Spring Session integration. This flaw can lead to incorrect session handling, allowing attackers the potential to exploit user sessions effectively. This vulnerability underscores the importance of robust session management in web applications to maintain user security and application integrity.",Red Hat,Infinispan,5.4,MEDIUM,0.004389999900013208,false,,false,false,false,,,false,false,,2020-01-02T14:28:44.000Z,0
CVE-2016-0750,https://securityvulnerability.io/vulnerability/CVE-2016-0750,,"The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.",Red Hat,Infinispan,8.8,HIGH,0.016279999166727066,false,,false,false,false,,,false,false,,2018-09-11T13:00:00.000Z,0
CVE-2018-1131,https://securityvulnerability.io/vulnerability/CVE-2018-1131,,"Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.",Red Hat,Infinispan,8.8,HIGH,0.004350000061094761,false,,false,false,false,,,false,false,,2018-05-15T13:29:00.000Z,0