A vulnerability was found in Infinispan up to version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration may result in incorrect session handling.

References: https://issues.jboss.org/browse/ISPN-10224

Upstream Patch: https://github.com/infinispan/infinispan/pull/6960
Created infinispan tracking bugs for this issue:

Affects: fedora-all [bug 1714360]
Red Hat OpenStack - OpenDaylight:

This vulnerability is within org.infinispan.spring.common.session which is not included in OpenDaylight.
The following products are marked as notaffected because they do not contain the vulnerable library.

* Enterprise Application Platform
* JBoss Fuse Service Works
* JBoss Fuse
* JBoss Data Virtualization & Services
* JBoss Operations Network
* OpenShift Application Runtimes
* Process Automation Manager
* Single Sign-On (RH-SSO)
This issue has been addressed in the following products:

Red Hat Data Grid

Via RHSA-2019:4037 https://access.redhat.com/errata/RHSA-2019:4037