cpe:/a:infinispan:infinispan:9.1.6 cpe:/a:infinispan:infinispan:9.2.0:alpha1 cpe:/a:infinispan:infinispan:9.2.0:alpha2 cpe:/a:infinispan:infinispan:9.2.0:beta1 cpe:/a:infinispan:infinispan:9.2.0:beta2 cpe:/a:infinispan:infinispan:9.2.0:cr1 CVE-2017-15089 2018-02-15T12:29:00.207-05:00 2019-06-04T13:29:00.287-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov SECTRACK 1040360 REDHAT RHSA-2018:0294 REDHAT RHSA-2018:0478 REDHAT RHSA-2018:0479 REDHAT RHSA-2018:0480 REDHAT RHSA-2018:0481 REDHAT RHSA-2018:0501 REDHAT RHSA-2019:1326 CONFIRM https://github.com/infinispan/infinispan/pull/5639 It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.