CVE-2021-31917

A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Published: Sep 21, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-31917
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
redhat / data_grid	8.0.0	8.0.0.x
redhat / data_grid	8.0.1	8.0.1.x
redhat / data_grid	8.1.0	8.1.0.x
redhat / data_grid	8.1.1	8.1.1.x
infinispan / infinispan-server-rest	12.0.0	12.1.4
infinispan / infinispan-server-rest	10.0.0	11.0.12

https://access.redhat.com/security/cve/cve-2021-31917

Vulnerability Database

289,599

CVE-2021-31917