JDG REST API does not enforce auth constraints.
Doc text: It was found that the REST API in infinispan did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
Name: Jonathan Mason (Red Hat)
This was fixed in infinispan 9.0.0.Final, via jira ISPN-7485
This issue has been addressed in the following products:
Via RHSA-2017:1097 https://access.redhat.com/errata/RHSA-2017:1097