CVE-2023-3628

A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

Published: Dec 18, 2023
Updated: Dec 30, 2023
CVE: CVE-2023-3628
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
redhat / jboss_enterprise_application_platform	6	6.x
redhat / data_grid	-	8.4.4

https://access.redhat.com/errata/RHSA-2023:5396
https://access.redhat.com/security/cve/CVE-2023-3628
https://bugzilla.redhat.com/show_bug.cgi?id=2217924
https://security.netapp.com/advisory/ntap-20240125-0004/

Vulnerability Database

289,598

CVE-2023-3628