CVE-2017-15694

CVSS v3.0 6.5 (Medium)

CVSS v2.0 4 (Medium)

EPSS 0.06 % (27^th)

Affected Products 1

Advisories 1

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster.

Weaknesses

CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2019-06-21 16:15:09
(5 years ago)
Updated Date: 2023-11-07 02:40:20
(10 months ago)

Affected Products

Apache

Geode

Configuration #1

		CPE23	From	Up To
	Apache Geode from 1.0.0 version and 1.8.0 and prior versions	cpe:2.3:a:apache:geode	>= 1.0.0	<= 1.8.0