CVE-2020-25711
CVE-2020-25711
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
03 Dec 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.
Affected products
n/a · infinispanWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →