VYPR

Geode

by Apache

Source repositories

CVEs (3)

  • CVE-2017-5649HigApr 4, 2017
    risk 0.49cvss 7.5epss 0.03

    Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes…

  • CVE-2017-9797MedOct 3, 2017
    risk 0.42cvss 6.5epss 0.01

    When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could…

  • CVE-2017-9794MedSep 30, 2017
    risk 0.28cvss 4.3epss 0.01

    When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query,…