Lucene search
K

184 matches found

OSV
OSV
added 2019/06/26 1:9 a.m.22 views

GHSA-P426-QW2P-V95V Argument Injection in Apache Geode server

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster...

6.5CVSS6.3AI score0.02192EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2019/06/26 1:9 a.m.29 views

Argument Injection in Apache Geode server

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster...

6.5CVSS4.1AI score0.02192EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2019/06/24 2:36 a.m.19 views

Unauthorized Metadata Modification

Apache Geode is vulnerable to unauthorized metadata modification. This is due to a lack of proper validation of the permissions of a user who has write permissions for specific data regions. When Apache Geode is operating in secure mode, this allows the user to perform unauthorized metadata...

6.5CVSS6.3AI score0.02192EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2019/06/21 4:15 p.m.16 views

CVE-2017-15694

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster...

6.5CVSS6.4AI score0.02192EPSS
Exploits0References2
OSV
OSV
added 2019/06/21 4:15 p.m.24 views

CVE-2017-15694

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster...

6.5CVSS6.7AI score
Exploits0References2
Prion
Prion
added 2019/06/21 4:15 p.m.17 views

Design/Logic Flaw

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster...

4CVSS6.3AI score0.02192EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/06/21 3:15 p.m.16 views

CVE-2017-15694

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster...

6.3AI score0.02192EPSS
Exploits0References2
CVE
CVE
added 2019/06/21 3:15 p.m.356 views

CVE-2017-15694

CVE-2017-15694 affects Apache Geode server versions 1.0.0–1.8.0 when operating in secure mode. A user with write permissions for specific data regions can modify internal cluster metadata, with the malicious action potentially affecting cluster operation. The root cause is described as unauthoriz...

6.5CVSS6.3AI score0.02192EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/06/19 12:0 a.m.3 views

Apache Geode server remote code execution vulnerability

Apache Geode server is the Apache Software Foundation's platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. A security vulnerability exists in Apache Geode server versions 1.0.0 through 1.4.0. A remote attacker with th...

8.8CVSS8.8AI score0.0264EPSS
Exploits0References1
Prion
Prion
added 2018/06/13 5:29 p.m.16 views

Remote code execution

When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privileg...

6.5CVSS9AI score0.0264EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/06/13 5:29 p.m.28 views

CVE-2017-15695

When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privileg...

8.8CVSS9AI score0.0264EPSS
Exploits0References2
OSV
OSV
added 2018/06/13 5:29 p.m.23 views

CVE-2017-15695

When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privileg...

8.8CVSS9.2AI score
Exploits0References2
Cvelist
Cvelist
added 2018/06/13 5:0 p.m.23 views

CVE-2017-15695

When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privileg...

9AI score0.0264EPSS
Exploits0References2
CVE
CVE
added 2018/06/13 5:0 p.m.81 views

CVE-2017-15695

CVE-2017-15695 affects Apache Geode server versions 1.0.0–1.4.0 when configured with a security manager. A user with the privileges DATA:WRITE can deploy code by invoking an internal Geode function, enabling remote code execution. The proper restriction is that code deployment should be limited t...

8.8CVSS8.9AI score0.0264EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/03/01 12:0 a.m.3 views

Apache Geode Code Execution Vulnerability (CNVD-2018-04076)

Apache Geode is the Apache Software Foundation's suite of management platforms for distributed cloud architectures that provide real-time and consistent access to data for data-intensive applications. A code execution vulnerability exists in Apache Geode. A remote attacker could exploit this...

7.5CVSS7.9AI score0.02609EPSS
Exploits0References1
CNVD
CNVD
added 2018/03/01 12:0 a.m.4 views

Apache Geode Code Execution Vulnerability (CNVD-2018-04075)

Apache Geode is the Apache Software Foundation's suite of management platforms for distributed cloud architectures that provide real-time and consistent access to data for data-intensive applications. A code execution vulnerability exists in Apache Geode. An attacker can exploit this vulnerabilit...

9.8CVSS7.8AI score0.05051EPSS
Exploits0References1
CNVD
CNVD
added 2018/02/28 12:0 a.m.5 views

Apache Geode cluster design vulnerability

Apache Geode cluster is the Apache Software Foundation's platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. A security vulnerability exists in Apache Geode cluster version 1.4.0. An attacker could exploit the...

7.5CVSS6.8AI score0.02043EPSS
Exploits0References1
Prion
Prion
added 2018/02/27 3:29 p.m.17 views

Path traversal

In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath...

7.5CVSS9.6AI score0.05051EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/02/27 3:29 p.m.16 views

CVE-2017-15692

In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath...

9.8CVSS9.8AI score
Exploits0References2
NVD
NVD
added 2018/02/27 3:29 p.m.24 views

CVE-2017-15692

In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath...

9.8CVSS9.7AI score0.05051EPSS
Exploits0References2
Rows per page
Query Builder