CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-5649

Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the cluster.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 22.6%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 4.0

References

http://mail-archives.apache.org/mod_mbox/geode-user/201704.mbox/%3cCAEwge-E4y=EVfhwpfRwsbnBH_hBS3Q-BJS+1BX5omYGW4dnR1w%40mail.gmail.com%3e
http://www.securityfocus.com/bid/97378
http://mail-archives.apache.org/mod_mbox/geode-user/201704.mbox/%3cCAEwge-E4y=EVfhwpfRwsbnBH_hBS3Q-BJS+1BX5omYGW4dnR1w%40mail.gmail.com%3e
http://www.securityfocus.com/bid/97378

Products affected by CVE-2017-5649

Apache » Geode » Version: 1.0.0

cpe:2.3:a:apache:geode:1.0.0
Apache » Geode » Version: 1.1.0

cpe:2.3:a:apache:geode:1.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-5649

Products

Pricing

Contact Us