Vulnerabilities > Apache > Geode
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-25 | CVE-2022-34870 | Cross-site Scripting vulnerability in Apache Geode Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries. | 5.4 |
| 2022-01-04 | CVE-2021-34797 | Information Exposure Through Log Files vulnerability in Apache Geode Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". | 5.0 |
| 2020-03-16 | CVE-2019-10091 | Improper Certificate Validation vulnerability in Apache Geode 1.9.0 When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. | 4.0 |
| 2020-03-02 | CVE-2019-14892 | Deserialization of Untrusted Data vulnerability in multiple products A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. | 9.8 |
| 2020-02-24 | CVE-2020-1938 | When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. | 9.8 |
| 2020-01-02 | CVE-2014-0048 | Improper Input Validation vulnerability in multiple products An issue was found in Docker before 1.6.0. | 9.8 |
| 2019-06-21 | CVE-2017-15694 | Argument Injection or Modification vulnerability in Apache Geode When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. | 6.5 |
| 2018-06-13 | CVE-2017-15695 | Incorrect Authorization vulnerability in Apache Geode When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. | 8.8 |
| 2018-02-27 | CVE-2017-15693 | Deserialization of Untrusted Data vulnerability in Apache Geode In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. | 7.5 |
| 2018-02-27 | CVE-2017-15692 | Deserialization of Untrusted Data vulnerability in Apache Geode In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. | 9.8 |