Lucene search
ApacheCVELIST:CVE-2017-9795HistoryJan 10, 2018 - 3:00 a.m.
CVE-2017-9795
2018-01-1003:00:00
apache
www.cve.org
4
EPSS
0.029
Percentile
90.9%
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote code execution.
CNA Affected
[
{
"product": "Apache Geode",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.0.0 to 1.2.1"
}
]
}
]References
www.securityfocus.com/bid/102488
lists.apache.org/thread.html/0fc5ea3c1ea06fe7058a0ab56d593914b05f728a6c93c5a6755956c7%40%3Cuser.geode.apache.org%3E
lists.apache.org/thread.html/232d75150991820d2fe6ba6bd4265fb58b4fe4d9d8d62eb2fd97256c%40%3Cdev.geode.apache.org%3E
lists.apache.org/thread.html/3a48163ca1fff757aefa4d9df24a251bb11ddd599a78cd85585abd00%40%3Cdev.geode.apache.org%3E
Related
prion
prion
Remote code execution
2018-01-10 03:29:00
veracode
veracode
Unauthorized Read And Write Access
2018-01-10 07:58:19
github
github
Apache Geode OQL method invocation vulnerability
2022-05-14 00:57:16
nvd
nvd
CVE-2017-9795
2018-01-10 03:29:00
osv
osv
CVE-2017-9795
2018-01-10 03:29:00
Apache Geode OQL method invocation vulnerability
2022-05-14 00:57:16
cve
cve
CVE-2017-9795
2018-01-10 03:29:00