CVE-2019-10174

HIGH

Infinispan < 8.2.12 - Unsafe Reflection via ReflectionUtil invokeAccessibly Method


Description

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.

References (4)

Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10174
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0481
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0727
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220210-0018/

Scores

CVSS v3 8.8
EPSS 0.0088
EPSS Percentile 75.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-470
Status published
Products (9)
infinispan/infinispan < 8.2.12
netapp/active_iq_unified_manager (3 CPE variants)
org.infinispan/infinispan-core 0 - 8.2.12.Final (Maven)
redhat/fuse 1.0
redhat/jboss_data_grid
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform 7.2
redhat/openshift_application_runtimes
redhat/single_sign-on
Published Nov 25, 2019
Tracked Since Feb 18, 2026