A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2020:0481 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2020:0727 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10174 | Issue Tracking Vendor Advisory |
https://security.netapp.com/advisory/ntap-20220210-0018/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2019-11-25T10:26:16
Updated: 2022-02-10T09:06:27
Reserved: 2019-03-27T00:00:00
Link: CVE-2019-10174
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-11-25T11:15:10.823
Modified: 2022-02-20T06:31:14.777
Link: CVE-2019-10174
JSON object: View
Redhat Information
No data.
CWE