Authorization Flaw in Apache Geode Configuration Service
CVE-2017-15696
7.5HIGH
What is CVE-2017-15696?
An authorization vulnerability exists in the Apache Geode configuration service for versions prior to 1.4.0. When operating in secure mode, the service inadequately authorizes configuration requests, which could allow an unprivileged user with access to the Geode locator to extract sensitive configuration data and previously deployed application code. This flaw poses significant risks to the integrity and confidentiality of applications running within the Geode cluster.
Affected Version(s)
Apache Geode Apache Geode 1.0.0 to 1.3.0