CyberSec.Space Logo
Back to CVE Browser

CVE-2017-15695

HIGH
8.8
CVSS Severity Score
EPSS Score0.1000%
EPSS Percentile35.63th
PublishedJun 13, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privilege.

Affected Platforms (CPE)

πŸ“¦
Apache

Geode

>= 1.0.0 and <= 1.4.0

References & Advisories

πŸ”— http://www.securityfocus.com/bid/104465
πŸ”— https://lists.apache.org/thread.html/dc8875c0b924885a884eba6d5bd7dc3f123411b2d33cffd00e351c99%40%3Cuser.geode.apache.org%3E
πŸ”— http://www.securityfocus.com/bid/104465
πŸ”— https://lists.apache.org/thread.html/dc8875c0b924885a884eba6d5bd7dc3f123411b2d33cffd00e351c99%40%3Cuser.geode.apache.org%3E

Related Vulnerabilities

CVE-2017-156929.8

In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivile...

CVE-2016-98859.8

An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geod...

CVE-2017-56497.5

Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticat...

CVE-2021-347977.5

Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using valu...