Vulnerabilities > Apache > Geode > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2022-10-25 | CVE-2022-34870 | Cross-site Scripting vulnerability in Apache Geode | Apache Geode versions up to 1.15.0 are vulnerable to Cross-Site Scripting (XSS) via data injection when using the Pulse web application to view Region entries. | network; low complexity; apache CWE-79; 5.4 |
| 2022-08-31 | CVE-2022-37023 | Deserialization of Untrusted Data vulnerability in Apache Geode | Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using the REST API on Java 8 or Java 11. | network; low complexity; apache CWE-502; 6.5 |
| 2019-06-21 | CVE-2017-15694 | Argument Injection or Modification vulnerability in Apache Geode | When an Apache Geode server, versions 1.0.0 to 1.8.0, is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. | network; low complexity; apache CWE-88; 6.5 |
| 2018-01-10 | CVE-2017-9796 | Information Exposure vulnerability in Apache Geode | When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions. | network; high complexity; apache CWE-200; 5.3 |
| 2017-10-03 | CVE-2017-9797 | Information Exposure vulnerability in Apache Geode | When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. | network; high complexity; apache CWE-200; 6.5 |
| 2017-09-30 | CVE-2017-9794 | Information Exposure vulnerability in Apache Geode | When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. | network; low complexity; apache CWE-200; 4.3 |