CVE-2023-5384

Summary

CVE-2023-5384 is a vulnerability affecting Infinispan, an open-source data grid platform. The issue arises during the serialization process of the cache configuration to XML, JSON, or YAML formats. If the configuration contains sensitive credentials, such as those used in JDBC stores with connection pooling or remote stores, these credentials will be exposed in clear text as part of the serialized configuration. This vulnerability can lead to unauthorized access if an attacker obtains the serialized configuration file. It is recommended that users of Infinispan upgrade to a patched version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.