Main Vulnerability Database SB2018051525

SB2018051525 - Privilege escalation in Infinispan

Published: May 15, 2018 Updated: November 19, 2019

Security Bulletin ID SB2018051525

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Deserialization of Untrusted Data (CVE-ID: CVE-2018-1131)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure input validation when processing serialized data. A local user can pass specially crafted XML or JSON data to a cache configured to accept certain types of objects and execute arbitrary code on the target system with elevated privileges.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2018:1833
https://bugzilla.redhat.com/show_bug.cgi?id=1576492
https://access.redhat.com/security/cve/CVE-2018-1131