Apache Geode vulnerabilities

CVE-2017-9797 [MEDIUM] CWE-200 CVE-2017-9797: When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client ca When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of service attack on the cluster.

CVE-2017-9794 [MEDIUM] CWE-200 CVE-2017-9794: When a cluster is operating in secure mode, a user with read privileges for specific data regions ca When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view.

CVE-2017-5649 [HIGH] CWE-200 CVE-2017-5649: Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager prope Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the cluster.