2 matches found
CVE-2017-5649
CVE-2017-5649 affects Apache Geode prior to 1.1.1. When a cluster has security-manager enabled, remote authenticated users with CLUSTER:READ but not DATA:READ can access the data browser page in Pulse and run an OQL query, exposing data stored in the cluster. The vulnerability is demonstrated by ...
CVE-2024-44088
Apache Geode web-api (REST) is affected by a Cross-site Scripting (XSS) vulnerability that can be exploited when a logged-in user is tricked into clicking a crafted link, potentially enabling code execution on the victim page and leading to session information theft or account takeover. All Geode...