CVE-2017-15089 — Vulnetix

Try Vulnetix Request Demo

CVE-2017-15089 PUBLISHED CVSS 8.800000190734863 HIGH

Deserialization of Untrusted Data in Infinispan

EPSS 1.84% · 82.8th percentile

Risk Scores

CVSS v3.0

8.800000190734863

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.84%

82.8th percentile

Affected Products

Vendor	Product	Versions
Maven	org.infinispan:infinispan-core	0
infinispan	infinispan	0, 9.2.0, 9.2.0
Infinispan	infinispan	before 9.2.0.CR1

Timeline

Feb 15, 2018 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Jan 2, 2023 EPSS Score
Mar 5, 2023 EPSS Score
Mar 7, 2023 EPSS Score

References

1040360 vdb
RHSA-2018:0479 vendor-advisory
RHSA-2018:0481 vendor-advisory
https://github.com/infinispan/infinispan/pull/5639 url
RHSA-2018:0294 vendor-advisory
RHSA-2018:0501 vendor-advisory
RHSA-2018:0480 vendor-advisory
RHSA-2018:0478 vendor-advisory
RHSA-2019:1326 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2017-15089 advisory
https://github.com/infinispan/infinispan/commit/1deadcb1c74ea0337abd5382c0150b000f6b106f url
https://github.com/infinispan/infinispan/commit/2944b0d1369a230bde88392b222921537c99331e url
https://github.com/infinispan/infinispan package

Open in Interactive Console →