Vulnerabilities > Apache > Geode
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-26 | CVE-2017-15696 | Information Exposure vulnerability in Apache Geode When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. | 7.5 |
| 2018-01-10 | CVE-2017-9796 | Information Exposure vulnerability in Apache Geode When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions. | 5.3 |
| 2018-01-10 | CVE-2017-9795 | Information Exposure vulnerability in Apache Geode When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. | 7.5 |
| 2018-01-10 | CVE-2017-12622 | Information Exposure vulnerability in Apache Geode When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges. | 7.1 |
| 2017-10-03 | CVE-2017-9797 | Information Exposure vulnerability in Apache Geode When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. | 6.5 |
| 2017-09-30 | CVE-2017-9794 | Information Exposure vulnerability in Apache Geode When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. | 4.3 |
| 2017-04-04 | CVE-2017-5649 | Information Exposure vulnerability in Apache Geode 1.0.0/1.1.0 Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the cluster. | 7.5 |