3 matches found
CVE-2017-15694
CVE-2017-15694 affects Apache Geode server versions 1.0.0–1.8.0 when operating in secure mode. A user with write permissions for specific data regions can modify internal cluster metadata, with the malicious action potentially affecting cluster operation. The root cause is described as unauthoriz...
CVE-2017-15695
CVE-2017-15695 affects Apache Geode server versions 1.0.0–1.4.0 when configured with a security manager. A user with the privileges DATA:WRITE can deploy code by invoking an internal Geode function, enabling remote code execution. The proper restriction is that code deployment should be limited t...
CVE-2017-15696
The CVE-2017-15696 entry affects Apache Geode before v1.4.0. In secure mode, the Geode configuration service fails to properly authorize configuration requests, allowing an unprivileged user with access to a Geode locator to extract configuration data and previously deployed application code. Con...