VDB

CVE-2020-10746

CVE-2020-10746 PUBLISHED CVSS 6.099999904632568 MEDIUM

A flaw was found in Infinispan version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server.

EPSS 0.04% · 13.3th percentile

Risk Scores

CVSS 3.1
6.099999904632568
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
EPSS Score
0.04%
13.3th percentile

Affected Products

VendorProductVersions
n/aInfinispanInfinispan 11.0.0
infinispaninfinispan-server-runtime10.0.0

Exploit Intelligence

Timeline

  • Oct 19, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›