Deserialization Vulnerability in Infinispan Hotrod Client

Deserialization Vulnerability in Infinispan Hotrod Client

CVE-2017-15089 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.

Learn more about our Web Application Penetration Testing UK.