Vulnerability Details CVE-2020-10746
A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.0%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 5.6
References
Products affected by CVE-2020-10746
-
cpe:2.3:a:infinispan:infinispan-server-runtime:10.0.0