CVE-2017-15694

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster.

Published: Jun 21, 2019
Updated: Nov 8, 2023
CVE: CVE-2017-15694
GHSA: GHSA-p426-qw2p-v95v
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

CWE-88

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
apache / geode	1.0.0	1.8.0.x
org.apache.geode / geode-core	-	1.9.0

http://www.securityfocus.com/bid/108870
https://lists.apache.org/thread.html/311505e7b7a045aaa246f0a1935703acacf41b954621b1363c40bf6f@%3Cuser.geode.apache.org%3E
https://lists.apache.org/thread.html/311505e7b7a045aaa246f0a1935703acacf41b954621b1363c40bf6f%40%3Cuser.geode.apache.org%3E

Vulnerability Database

289,689

CVE-2017-15694