CVE-2020-25711 vulnerability in Infinispan and Other Products
Published on December 3, 2020
A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2020-25711 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2020-25711
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-25711 are published in these products:
Exploit Probability
EPSS
0.18%
Percentile
39.93%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.