CVE-2017-5649
CVE-2017-5649 affects Apache Geode prior to 1.1.1. When a cluster has security-manager enabled, remote authenticated users with CLUSTER:READ but not DATA:READ can access the data browser page in Pulse and run an OQL query, exposing data stored in the cluster. The vulnerability is demonstrated by ...