First published: Mon May 27 2019
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Infinispan Infinispan | <=9.4.14 | |
Redhat Jboss Data Grid | =7.0.0 | |
maven/org.infinispan:infinispan-core | <9.4.15.Final | 9.4.15.Final |
The vulnerability ID for this flaw in Infinispan is CVE-2019-10158.
The severity of CVE-2019-10158 is critical.
Versions up to and including 9.4.14.Final of Infinispan are affected by CVE-2019-10158.
The vulnerability in the Spring Session integration of Infinispan can result in incorrect session handling.
Fixes are available for CVE-2019-10158. Please refer to the provided references for more information.