Vulnerabilities > CVE-2017-15695 - Incorrect Authorization vulnerability in Apache Geode
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privilege.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 7 |
Common Weakness Enumeration (CWE)
References
- http://www.securityfocus.com/bid/104465
- http://www.securityfocus.com/bid/104465
- https://lists.apache.org/thread.html/dc8875c0b924885a884eba6d5bd7dc3f123411b2d33cffd00e351c99%40%3Cuser.geode.apache.org%3E
- https://lists.apache.org/thread.html/dc8875c0b924885a884eba6d5bd7dc3f123411b2d33cffd00e351c99%40%3Cuser.geode.apache.org%3E