Apache Geode OQL Method Invocation Vulnerability in Secure Mode
CVE-2017-9795

7.5 HIGH

Key Information:

Vendor: Apache
CVE Published: 10 January 2018

Summary

A vulnerability exists in Apache Geode versions prior to 1.3.0 when operating in secure mode: users with read access can execute OQL queries that potentially grant unauthorized read and write access to sensitive objects in secured regions. These queries may also allow remote code execution, posing significant security risks to affected systems.

Affected Version(s)

Apache Geode 1.0.0 to 1.2.1

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
