Red Hat Infinispan vulnerabilities
3 known vulnerabilities affecting red_hat/infinispan.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2025-5731 | MEDIUM | CVSS 5.5 | fixed in 15.2.5 | 2025-06-26
CVE-2025-5731 [MEDIUM] CWE-209
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.
Sources: cvelistv5, nvd
CVE-2019-10158 | CRITICAL | CVSS 9.8 | vn/a | 2020-01-02
CVE-2019-10158 [CRITICAL] CWE-384
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.
Sources: cvelistv5, nvd
CVE-2016-0750 | HIGH | CVSS 8.8 | v9.1.0.Final | 2018-09-11
CVE-2016-0750 [MEDIUM] CWE-138
The Hot Rod Java client in Infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.
Sources: cvelistv5, nvd