CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the...

7.5CVSS7.1AI score0.02776EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2022/05/14 3:46 a.m.•24 views

Apache Geode OQL bind parameter vulnerability

When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions...

5.3CVSS3.4AI score0.01479EPSS

Exploits0References4Affected Software1

OSV•added 2022/05/14 3:46 a.m.•24 views

GHSA-Q7CP-R6CJ-HPF5 Apache Geode OQL bind parameter vulnerability

5.3CVSS5.1AI score0.01479EPSS

Exploits0References3

Github Security Blog•added 2022/05/14 12:57 a.m.•24 views

Apache Geode OQL method invocation vulnerability

When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote cod...

7.5CVSS4.1AI score0.04177EPSS

Exploits0References6Affected Software1

OSV•added 2022/05/14 12:57 a.m.•26 views

GHSA-6M68-3W55-6MX4 Apache Geode OQL method invocation vulnerability

7.5CVSS7.7AI score0.04177EPSS

Exploits0References5

Veracode•added 2018/01/10 7:58 a.m.•18 views

Unauthorized Read And Write Access

geode-core is vulnerable to unauthorized read and write access. An OQL method invocation vulnerability exists which allows a user with read access within a Geode cluster to execute OQL queries which leads to read and write access to objects within unauthorized regions. Additionally, a user may al...

7.5CVSS7.4AI score0.04177EPSS

Exploits0References8Affected Software1

Veracode•added 2018/01/10 7:19 a.m.•20 views

Unauthorized Read Access

geode-core is vulnerable to unauthorized read access. An OQL bind parameter vulnerability allows users to gain read access to objects contained in unauthorized regions of the Geode clusters...

5.3CVSS6.5AI score0.01479EPSS

Exploits0References5Affected Software1

Prion•added 2018/01/10 3:29 a.m.•12 views

Design/Logic Flaw

3.5CVSS7AI score0.01479EPSS

Exploits0References1Affected Software1

Prion•added 2018/01/10 3:29 a.m.•13 views

Remote code execution

6CVSS7.8AI score0.04177EPSS

Exploits0References4Affected Software1

OSV•added 2018/01/10 3:29 a.m.•21 views

CVE-2017-9796

5.3CVSS5.5AI score

Exploits0References1

NVD•added 2018/01/10 3:29 a.m.•17 views

CVE-2017-9796

5.3CVSS5.2AI score0.01479EPSS

Exploits0References1

Cvelist•added 2018/01/10 3:0 a.m.•22 views

CVE-2017-9795

7.7AI score0.04177EPSS

Exploits0References4

Cvelist•added 2018/01/10 3:0 a.m.•21 views

CVE-2017-9796

5.2AI score0.01479EPSS

Exploits0References1

NVD•added 2017/04/04 6:59 p.m.•20 views

CVE-2017-5649

7.5CVSS7.3AI score0.02776EPSS

Exploits0References2

Prion•added 2017/04/04 6:59 p.m.•15 views

Design/Logic Flaw

4CVSS7.3AI score0.02776EPSS

Exploits0References2Affected Software1

CVE•added 2017/04/04 6:0 p.m.•64 views

CVE-2017-5649

CVE-2017-5649 affects Apache Geode prior to 1.1.1. When a cluster has security-manager enabled, remote authenticated users with CLUSTER:READ but not DATA:READ can access the data browser page in Pulse and run an OQL query, exposing data stored in the cluster. The vulnerability is demonstrated by ...

7.5CVSS7.2AI score0.02776EPSS

Exploits0References2Affected Software1

Cvelist•added 2017/04/04 6:0 p.m.•18 views

CVE-2017-5649

7.3AI score0.02776EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by