CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-9797

When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of service attack on the cluster.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 56.4%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 5.8

References

http://mail-archives.apache.org/mod_mbox/geode-user/201709.mbox/%3cCAEwge-Hrbb7JS8Nygrh7geyFvW4bMZ3AdCmPOzMfvbniipz0bA%40mail.gmail.com%3e
http://mail-archives.apache.org/mod_mbox/geode-user/201709.mbox/%3cCAEwge-Hrbb7JS8Nygrh7geyFvW4bMZ3AdCmPOzMfvbniipz0bA%40mail.gmail.com%3e

Products affected by CVE-2017-9797

Apache » Geode » Version: 1.0.0

cpe:2.3:a:apache:geode:1.0.0
Apache » Geode » Version: 1.1.0

cpe:2.3:a:apache:geode:1.1.0
Apache » Geode » Version: 1.1.1

cpe:2.3:a:apache:geode:1.1.1
Apache » Geode » Version: 1.2.0

cpe:2.3:a:apache:geode:1.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-9797

Products

Pricing

Contact Us