Deserialization Vulnerability in Infinispan Hotrod Client
CVE-2017-15089 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
Learn more about our Web Application Penetration Testing UK.