Lucene search
K

287 matches found

CVE
CVE
added 2022/08/31 7:0 a.m.90 views

CVE-2022-37021

Apache Geode is vulnerable to deserialization of untrusted data when using JMX over RMI on Java 8 in versions up to 1.12.5, 1.13.4, and 1.14.0. The advised fix is to upgrade to Geode 1.15 with Java 11. If Java 11 is not possible, upgrade to Geode 1.15 and start Locators/Servers with --J=-Dgeode.e...

9.8CVSS9.5AI score0.02367EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/08/31 7:0 a.m.24 views

CVE-2022-37021 Apache Geode deserialization of untrusted data flaw when using JMX over RMI on Java 8.

Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Any user still on Java 8 who wishes to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15 and Java 11. ...

9.8CVSS7.1AI score0.02367EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/08/31 12:0 a.m.3 views

PT-2022-4604 · Apache · Apache Geode

Name of the Vulnerable Software and Affected Versions: Apache Geode versions up to 1.12.2 and 1.13.2 Description: The issue is related to the deserialization of untrusted data when using JMX over RMI on Java 11, which can allow a remote attacker to execute arbitrary code. This flaw affects the JM...

10CVSS8.8AI score0.01274EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/08/31 12:0 a.m.5 views

Apache Geode 代码问题漏洞

A remote code execution vulnerability exists in Apache Geode, the Apache Foundation's management platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures, which stems from a vulnerability to untrusted data deserialization wh...

8.8CVSS8.4AI score0.01274EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/08/31 12:0 a.m.4 views

PT-2022-4609 · Oracle +1 · Java +1

Name of the Vulnerable Software and Affected Versions: Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 Description: The issue is related to the deserialization of untrusted data when using JMX over RMI on Java 8, which can allow a remote attacker to execute arbitrary code. To protect agains...

9.8CVSS9.6AI score0.02367EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/08/31 12:0 a.m.7 views

Apache Geode 代码问题漏洞

A remote code execution vulnerability exists in Apache Geode, the Apache Foundation's management platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. An attacker could exploit this vulnerability to cause remote code...

9.8CVSS8.3AI score0.02367EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/08/31 12:0 a.m.5 views

PT-2022-4605 · Apache · Apache Geode

Name of the Vulnerable Software and Affected Versions: Apache Geode versions prior to 1.15.0 Description: The issue is related to the restoration of untrusted data in memory through the REST API interface of the Apache Geode data management platform. This can allow a remote attacker to execute...

10CVSS6.7AI score0.01335EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/08/31 12:0 a.m.6 views

Apache Geode 代码问题漏洞

Apache Geode is the Apache Foundation's suite of management platforms for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. A security vulnerability exists in Apache Geode versions prior to 1.15.0 that stems from the vulnerabilit...

6.5CVSS6.8AI score0.01335EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2022/05/17 2:50 a.m.5 views

org.apache.geode:geode-lucene (=1.1.0), org.apache.geode:geode-modules (=1.1.0) +5 more potentially affected by CVE-2017-5649 via org.apache.geode:geode-core (=1.1.0)

org.apache.geode:geode-core MAVEN version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.geode:geode-core and may be impacted: - org.apache.geode:geode-lucene =1.1.0 - org.apache.geode:geode-modules =1.1.0 -...

7.5CVSS7.1AI score0.02776EPSS
Exploits0
OSV
OSV
added 2022/05/17 2:50 a.m.2 views

GHSA-2GW6-73WC-X88F Apache Geode information disclosure vulnerability

Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the...

7.5CVSS6AI score0.02776EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/17 2:50 a.m.32 views

Apache Geode information disclosure vulnerability

Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the...

7.5CVSS7.1AI score0.02776EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/05/17 12:34 a.m.4 views

GHSA-37M3-QP37-X3C6 Apache Geode gfsh query vulnerability

When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing...

4.3CVSS6AI score0.01178EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2022/05/17 12:34 a.m.4 views

com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=0.10 <=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=0.10 <=6.0.2) +59 more potentially affected by CVE-2017-9794 via org.apache.geode:geode-core (>=1.10.0 <=1.2.0)

org.apache.geode:geode-core MAVEN version =1.10.0, =0.10, =0.10, =2.0.0, =0.1.9, =2.4.0, =1.22.0, =1.14.0, =1.10.0, =1.10.0, =1.10.0, =1.12.0, =1.11.0, =1.15.4 and more Source cves: CVE-2017-9794 Source advisory: OSV:GHSA-37M3-QP37-X3C6...

4.3CVSS5.7AI score0.01178EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/17 12:34 a.m.32 views

Apache Geode gfsh query vulnerability

When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing...

4.3CVSS4.1AI score0.01178EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/14 3:47 a.m.6 views

com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=0.10 <=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=0.10 <=6.0.2) +71 more potentially affected by CVE-2017-12622 via org.apache.geode:geode-core (>=1.10.0 <=1.2.1)

org.apache.geode:geode-core MAVEN version =1.10.0, =0.10, =0.10, =2.0.0, =0.1.9, =2.4.0, =1.22.0, =1.14.0, =1.10.0, =1.10.0, =1.10.0, =1.12.0, =1.11.0, =1.15.4 and more Source cves: CVE-2017-12622 Source advisory: OSV:GHSA-H22R-H77W-2G5F...

7.1CVSS7AI score0.02075EPSS
Exploits3
OSV
OSV
added 2022/05/14 3:47 a.m.24 views

GHSA-H22R-H77W-2G5F Apache Geode gfsh authorization vulnerability

When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges...

7.1CVSS6.6AI score0.02075EPSS
Exploits3References3
Github Security Blog
Github Security Blog
added 2022/05/14 3:47 a.m.23 views

Apache Geode gfsh authorization vulnerability

When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges...

7.1CVSS1.9AI score0.02075EPSS
Exploits3References4Affected Software1
OSV
OSV
added 2022/05/14 3:46 a.m.26 views

GHSA-Q7CP-R6CJ-HPF5 Apache Geode OQL bind parameter vulnerability

When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions...

5.3CVSS5.1AI score0.01479EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2022/05/14 3:46 a.m.6 views

com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=0.10 <=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=0.10 <=6.0.2) +71 more potentially affected by CVE-2017-9796 via org.apache.geode:geode-core (>=1.10.0 <=1.2.1)

org.apache.geode:geode-core MAVEN version =1.10.0, =0.10, =0.10, =2.0.0, =0.1.9, =2.4.0, =1.22.0, =1.14.0, =1.10.0, =1.10.0, =1.10.0, =1.12.0, =1.11.0, =1.15.4 and more Source cves: CVE-2017-9796 Source advisory: OSV:GHSA-Q7CP-R6CJ-HPF5...

5.3CVSS6AI score0.01479EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/14 3:46 a.m.24 views

Apache Geode OQL bind parameter vulnerability

When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions...

5.3CVSS3.4AI score0.01479EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder