CVE-2020-25711

medium

Description

A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.

References

Advisories

https://security.netapp.com/advisory/ntap-20220210-0023/

https://bugzilla.redhat.com/show_bug.cgi?id=1897618

Details

Source: Mitre, NVD

Published: 2020-12-03

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Severity: Medium

EPSS

EPSS: 0.00183