CVE-2018-1131 - OpenCVE

Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Infinispan	Infinispan
Redhat	Jboss Data Grid

Configuration 1 [-]

OR	cpe:2.3:a:infinispan:infinispan:8.2.10:::::::*
	cpe:2.3:a:infinispan:infinispan:9.0.3:::::::*
	cpe:2.3:a:infinispan:infinispan:9.1.7:::::::*
	cpe:2.3:a:infinispan:infinispan:9.2.2:::::::*
	cpe:2.3:a:infinispan:infinispan:9.3.0:alpha1::::::

Configuration 2 [-]

cpe:2.3:a:redhat:jboss_data_grid:7.2:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/104218	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:1833	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3892
https://bugzilla.redhat.com/show_bug.cgi?id=1576492	Issue Tracking Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2018-05-14T00:00:00

Updated: 2019-11-14T23:07:11

Reserved: 2017-12-04T00:00:00

Link: CVE-2018-1131

JSON object: View

NVD Information

Status : Modified

Published: 2018-05-15T13:29:00.213

Modified: 2019-10-09T23:38:10.803

Link: CVE-2018-1131

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "infinispan", "vendor": "Red Hat, Inc.", "versions": [{"status": "affected", "version": "9.0.3.Final"}, {"status": "affected", "version": "9.1.7.Final"}, {"status": "affected", "version": "8.2.10.Final"}, {"status": "affected", "version": "9.2.2.Final"}, {"status": "affected", "version": "9.3.0.Alpha1"}]}], "datePublic": "2018-05-14T00:00:00", "descriptions": [{"lang": "en", "value": "Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-349", "description": "CWE-349", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-11-14T23:07:11", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576492"}, {"name": "104218", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104218"}, {"name": "RHSA-2018:1833", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1833"}, {"name": "RHSA-2019:3892", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3892"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2018-05-14T00:00:00", "ID": "CVE-2018-1131", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "infinispan", "version": {"version_data": [{"version_value": "9.0.3.Final"}, {"version_value": "9.1.7.Final"}, {"version_value": "8.2.10.Final"}, {"version_value": "9.2.2.Final"}, {"version_value": "9.3.0.Alpha1"}]}}]}, "vendor_name": "Red Hat, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-349"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1576492", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576492"}, {"name": "104218", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104218"}, {"name": "RHSA-2018:1833", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1833"}, {"name": "RHSA-2019:3892", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3892"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1131", "datePublished": "2018-05-14T00:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2019-11-14T23:07:11", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:infinispan:infinispan:8.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "4B705840-3A0E-42D4-BEE0-24CB9482D074", "vulnerable": true}, {"criteria": "cpe:2.3:a:infinispan:infinispan:9.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "27234495-4A38-40B7-8306-6D93EF021C5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:infinispan:infinispan:9.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "58BE109B-65C4-4E75-90F6-445ED0275270", "vulnerable": true}, {"criteria": "cpe:2.3:a:infinispan:infinispan:9.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "BA084EED-174E-46DA-89FB-B04428889281", "vulnerable": true}, {"criteria": "cpe:2.3:a:infinispan:infinispan:9.3.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "2CB3D8BA-445E-4BEE-81D9-E2D0FE7E3F2F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_data_grid:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "B4025D63-4AA6-4784-B5F4-EDBABA27F302", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected."}, {"lang": "es", "value": "Infinispan permite la deserializaci\u00f3n incorrecta de datos fiables mediante transcodificadores XML y JSON en ciertas configuraciones del servidor. Un usuario con acceso autenticado al servidor podr\u00eda enviar un objeto malicioso a una cach\u00e9 configurada para aceptar ciertos tipos de objetos, logrando la ejecuci\u00f3n de c\u00f3digo y, posiblemente, m\u00e1s ataques. Se cree que las versiones 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final y 9.3.0.Alpha1 se han visto afectadas."}], "id": "CVE-2018-1131", "lastModified": "2019-10-09T23:38:10.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-15T13:29:00.213", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104218"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1833"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2019:3892"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576492"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-349"}], "source": "secalert@redhat.com", "type": "Secondary"}]}