184 matches found
CVE-2017-9795
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote cod...
CVE-2017-9796
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions...
CVE-2017-12622
When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges...
CVE-2017-12622
Summary: Apache Geode gfsh authorization vuln allows an authenticated user to read status information and control cluster members via HTTP in clusters running a Geode version before 1.3.0, even without CLUSTER:MANAGE privileges. Affected product/version: Apache Geode; versions before 1.3.0. Impac...
CVE-2017-9796
CVE-2017-9796 affects Apache Geode prior to v1.3.0 when operating in secure mode. A user with read access to certain regions can have their OQL query bind parameter specify a region name, which may grant read access to objects in unauthorized regions. This is documented in multiple sources (GitHu...
CVE-2017-9796
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions...
CVE-2017-12622
When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges...
CVE-2017-9795
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote cod...
Apache Geode cluster information disclosure vulnerability
Apache Geode cluster is the Apache Software Foundation's platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. A security vulnerability exists in Apache Geode cluster versions prior to 1.2.1. A remote attacker could...
Information Disclosure And Denial Of Service (DoS)
Apache Geode is vulnerable to information disclosure and denial of service DoS attacks. These attacks are possible when performing operations in secure mode. The application allows an unauthenticated user to use the multi-user authentication mode to send internal messages. This can lead to...
CVE-2017-9797
When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of...
CVE-2017-9797
When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of...
Information disclosure
When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of...
CVE-2017-9797
The vulnerability CVE-2017-9797 affects Apache Geode clusters running versions prior to 1.2.1 in secure mode. An unauthenticated client can enter multi-user authentication mode and send metadata messages, which can disclose information about application data types and enable a denial-of-service a...
CVE-2017-9797
When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of...
CVE-2017-9794
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing...
CVE-2017-9794
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing...
Command injection
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing...
CVE-2017-9794
The CVE-2017-9794 entry describes an information-disclosure flaw in Apache Geode prior to version 1.2.1: when a cluster runs in secure mode, a user with read access to certain data regions can use the gfsh CLI to run queries, and query results may include data from another user’s concurrent gfsh ...
Design/Logic Flaw
Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the...