Geode@* Security Vulnerabilities and Issues — Geode@* CVE List

Lucene search

ApacheGeode*

3 matches found

CVE•added 2017/09/30 1:29 a.m.•95 views

CVE-2017-9794

When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing d...

4.3CVSS4.8AI score0.00459EPSS

CVE•added 2017/10/03 1:29 a.m.•85 views

CVE-2017-9797

When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of se...

6.5CVSS6.5AI score0.00345EPSS

CVE•added 2017/04/04 6:59 p.m.•48 views

CVE-2017-5649

Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the cl...

7.5CVSS7.2AI score0.00097EPSS