CVE-2019-10174 Vulnerability Details

  /     /     /  

CVE-2019-10174 Metadata Quick Info

CVE Published: 25/11/2019 | CVE Updated: 04/08/2024 | CVE Year: 2019
Source: redhat | Vendor: [UNKNOWN] | Product: infinispan
Status : PUBLISHED

CVE-2019-10174 Description

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan\'s privileges. The attacker can use reflection to introduce new, malicious behavior into the application.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-470
CWE Name: CWE-470
Source: [UNKNOWN]

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2019-10174 Vulnerability Details