CVE-2023-5236
MEDIUM
4.4
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Description
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.
EPSS (Exploit Prediction Scoring System)
Predicts the probability of exploitation based on threat intelligence and the characteristics of the vulnerability.
EPSS Score
0.0010
Percentile
0.3th
Application
Jboss Data Grid by Redhat
CPE Identifier
cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Data Grid by Redhat
Version Range Affected
To 8.4.4 (exclusive)
CPE Identifier
cpe:2.3:a:redhat:data_grid:*:*:*:*:*:*:*:*
Application
Infinispan by Infinispan
CPE Identifier
cpe:2.3:a:infinispan:infinispan:-:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2023:5396
https://access.redhat.com/security/cve/CVE-2023-5236
https://bugzilla.redhat.com/show_bug.cgi?id=2240999
https://security.netapp.com/advisory/ntap-20240125-0004/