CVE-2019-10158

critical

Description

A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.

References

Advisories
More

https://github.com/infinispan/infinispan/pull/7025

https://github.com/infinispan/infinispan/pull/6960

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10158

https://security.netapp.com/advisory/ntap-20231227-0009/

Details

Source: Mitre, NVD

Published: 2020-01-02

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00411

Detections

Analytics