CVE-2017-9797

CWE-200 — Information Exposure4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 62.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Geode Apache Software Foundation Apache Geode

Timeline

PublishedOct 3

Latest updateMay 13

Description

When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of service attack on the cluster.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:HExploitability: 2.2 | Impact: 4.2

Affected Packages3 packages

▶Mavenorg.apache.geode:geode-core1.0.0 — 1.2.1

▶NVDapache/geode1.2.0

▶CVEListV5apache_software_foundation/apache_geode4 versions+3

🔴Vulnerability Details

GHSA

Apache Geode vulnerable to Exposure of Sensitive Information↗2022-05-13

▶

OSV

Apache Geode vulnerable to Exposure of Sensitive Information↗2022-05-13

▶

CVEList

CVE-2017-9797: When an Apache Geode cluster before v1↗2017-10-02

▶