Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:2 a.m.8 views

CVE-2022-37022

Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Any user wishing to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15. Use of 1.15 on Java 11 will...

8.8CVSS6.9AI score0.01274EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/09/01 12:0 a.m.4 views

com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=2.0.0 <=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=2.0.0 <=3.0.4) +53 more potentially affected by CVE-2022-37022 via org.apache.geode:geode-core (>=1.0.0-incubating <=1.14.4)

org.apache.geode:geode-core MAVEN version =1.0.0-incubating, =2.0.0, =2.0.0, =2.0.0, =0.3.12, =0.3.5, =2.4.0, =1.22.0, =1.14.0, =1.10.0, =1.10.0, =1.10.0, =1.12.0, =1.11.0, =1.14.4 and more Source cves: CVE-2022-37022 Source advisory: OSV:GHSA-QF8G-VPWP-6579...

8.8CVSS7.2AI score0.01274EPSS
Exploits0
CVE
CVE
added 2022/08/31 7:0 a.m.119 views

CVE-2022-37022

CVE-2022-37022 affects Apache Geode up to versions 1.12.2 and 1.13.2, where deserialization of untrusted data is possible when using JMX over RMI on Java 11. The underlying issue enables a remote attacker to trigger deserialization via JMX/RMI, with high impact on confidentiality, integrity, and ...

8.8CVSS8.7AI score0.01274EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/31 7:0 a.m.29 views

CVE-2022-37022 Apache Geode deserialization of untrusted data flaw when using JMX over RMI on Java 11

Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Any user wishing to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15. Use of 1.15 on Java 11 will...

9AI score0.01274EPSS
Exploits0References1
Rows per page
Query Builder