287 matches found
CVE-2022-37021
Apache Geode is vulnerable to deserialization of untrusted data when using JMX over RMI on Java 8 in versions up to 1.12.5, 1.13.4, and 1.14.0. The advised fix is to upgrade to Geode 1.15 with Java 11. If Java 11 is not possible, upgrade to Geode 1.15 and start Locators/Servers with --J=-Dgeode.e...
CVE-2022-37021 Apache Geode deserialization of untrusted data flaw when using JMX over RMI on Java 8.
Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Any user still on Java 8 who wishes to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15 and Java 11. ...
PT-2022-4604 · Apache · Apache Geode
Name of the Vulnerable Software and Affected Versions: Apache Geode versions up to 1.12.2 and 1.13.2 Description: The issue is related to the deserialization of untrusted data when using JMX over RMI on Java 11, which can allow a remote attacker to execute arbitrary code. This flaw affects the JM...
Apache Geode 代码问题漏洞
A remote code execution vulnerability exists in Apache Geode, the Apache Foundation's management platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures, which stems from a vulnerability to untrusted data deserialization wh...
PT-2022-4609 · Oracle +1 · Java +1
Name of the Vulnerable Software and Affected Versions: Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 Description: The issue is related to the deserialization of untrusted data when using JMX over RMI on Java 8, which can allow a remote attacker to execute arbitrary code. To protect agains...
Apache Geode 代码问题漏洞
A remote code execution vulnerability exists in Apache Geode, the Apache Foundation's management platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. An attacker could exploit this vulnerability to cause remote code...
PT-2022-4605 · Apache · Apache Geode
Name of the Vulnerable Software and Affected Versions: Apache Geode versions prior to 1.15.0 Description: The issue is related to the restoration of untrusted data in memory through the REST API interface of the Apache Geode data management platform. This can allow a remote attacker to execute...
Apache Geode 代码问题漏洞
Apache Geode is the Apache Foundation's suite of management platforms for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. A security vulnerability exists in Apache Geode versions prior to 1.15.0 that stems from the vulnerabilit...
org.apache.geode:geode-lucene (=1.1.0), org.apache.geode:geode-modules (=1.1.0) +5 more potentially affected by CVE-2017-5649 via org.apache.geode:geode-core (=1.1.0)
org.apache.geode:geode-core MAVEN version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.geode:geode-core and may be impacted: - org.apache.geode:geode-lucene =1.1.0 - org.apache.geode:geode-modules =1.1.0 -...
GHSA-2GW6-73WC-X88F Apache Geode information disclosure vulnerability
Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the...
Apache Geode information disclosure vulnerability
Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the...
GHSA-37M3-QP37-X3C6 Apache Geode gfsh query vulnerability
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing...
com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=0.10 <=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=0.10 <=6.0.2) +59 more potentially affected by CVE-2017-9794 via org.apache.geode:geode-core (>=1.10.0 <=1.2.0)
org.apache.geode:geode-core MAVEN version =1.10.0, =0.10, =0.10, =2.0.0, =0.1.9, =2.4.0, =1.22.0, =1.14.0, =1.10.0, =1.10.0, =1.10.0, =1.12.0, =1.11.0, =1.15.4 and more Source cves: CVE-2017-9794 Source advisory: OSV:GHSA-37M3-QP37-X3C6...
Apache Geode gfsh query vulnerability
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing...
com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=0.10 <=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=0.10 <=6.0.2) +71 more potentially affected by CVE-2017-12622 via org.apache.geode:geode-core (>=1.10.0 <=1.2.1)
org.apache.geode:geode-core MAVEN version =1.10.0, =0.10, =0.10, =2.0.0, =0.1.9, =2.4.0, =1.22.0, =1.14.0, =1.10.0, =1.10.0, =1.10.0, =1.12.0, =1.11.0, =1.15.4 and more Source cves: CVE-2017-12622 Source advisory: OSV:GHSA-H22R-H77W-2G5F...
GHSA-H22R-H77W-2G5F Apache Geode gfsh authorization vulnerability
When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges...
Apache Geode gfsh authorization vulnerability
When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges...
GHSA-Q7CP-R6CJ-HPF5 Apache Geode OQL bind parameter vulnerability
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions...
com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=0.10 <=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=0.10 <=6.0.2) +71 more potentially affected by CVE-2017-9796 via org.apache.geode:geode-core (>=1.10.0 <=1.2.1)
org.apache.geode:geode-core MAVEN version =1.10.0, =0.10, =0.10, =2.0.0, =0.1.9, =2.4.0, =1.22.0, =1.14.0, =1.10.0, =1.10.0, =1.10.0, =1.12.0, =1.11.0, =1.15.4 and more Source cves: CVE-2017-9796 Source advisory: OSV:GHSA-Q7CP-R6CJ-HPF5...
Apache Geode OQL bind parameter vulnerability
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions...