CVE-2017-15694

CWE-884 documents4 sources

Severity

6.5MEDIUM

EPSS

0.7%

top 27.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Geode

Timeline

PublishedJun 21

Latest updateJun 26

Description

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶Mavenorg.apache.geode:geode-core< 1.9.0

▶NVDapache/geode1.0.0 — 1.8.0

▶CVEListV5apache_geodeApache Geode 1.0.0 to 1.8.0

🔴Vulnerability Details

GHSA

Argument Injection in Apache Geode server↗2019-06-26

▶

OSV

Argument Injection in Apache Geode server↗2019-06-26

▶

CVEList

CVE-2017-15694: When an Apache Geode server versions 1↗2019-06-21

▶