CyberSec.Space Logo
Back to CVE Browser

CVE-2017-15692

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0660%
EPSS Percentile5.71th
PublishedFeb 27, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.

Affected Platforms (CPE)

πŸ“¦
Apache

Geode

< 1.4.0

References & Advisories

πŸ”— http://www.securityfocus.com/bid/103205
πŸ”— https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E
πŸ”— http://www.securityfocus.com/bid/103205
πŸ”— https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E

Related Vulnerabilities

CVE-2016-98859.8

An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geod...

CVE-2017-156958.8

When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is al...

CVE-2017-56497.5

Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticat...

CVE-2021-347977.5

Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using valu...