Vulnerabilities > Apache > Geode > 1.2.1

DATE CVE VULNERABILITY TITLE RISK
2018-01-10 CVE-2017-9796 Information Exposure vulnerability in Apache Geode
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions.
network
high complexity
apache CWE-200
5.3
5.3
2018-01-10 CVE-2017-9795 Information Exposure vulnerability in Apache Geode
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions.
network
high complexity
apache CWE-200
7.5
7.5
2018-01-10 CVE-2017-12622 Information Exposure vulnerability in Apache Geode
When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges.
network
low complexity
apache CWE-200
7.1
7.1